mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 10:31:08 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Pablo Neira Ayuso 4507918cd1 netfilter: nf_tables: deactivate anonymous set from preparation phase 
commit c1592a8994 upstream.

Toggle deleted anonymous sets as inactive in the next generation, so
users cannot perform any update on it. Clear the generation bitmask
in case the transaction is aborted.

The following KASAN splat shows a set element deletion for a bound
anonymous set that has been already removed in the same transaction.

[   64.921510] ==================================================================
[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.924745] Write of size 8 at addr dead000000000122 by task test/890
[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
[   64.931120] Call Trace:
[   64.932699]  <TASK>
[   64.934292]  dump_stack_lvl+0x33/0x50
[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.937551]  kasan_report+0xda/0x120
[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]
[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60
[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
[   64.945710]  ? kasan_set_track+0x21/0x30
[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-05-11 23:03:42 +09:00
..
6lowpan
9p 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition 2023-04-20 12:35:08 +02:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2022-12-31 13:33:02 +01:00
8021q vlan: partially enable SIOCSHWTSTAMP in container 2023-05-11 23:03:18 +09:00
appletalk
atm net/atm: fix proc_mpc_write incorrect return value 2022-10-15 11:08:36 +01:00
ax25 ax25: move from strlcpy with unused retval to strscpy 2022-08-22 17:55:50 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-22 13:02:10 -07:00
bluetooth bluetooth: Perform careful capability checks in hci_sock_ioctl() 2023-05-01 08:26:27 +09:00
bpf Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" 2023-03-17 08:50:32 +01:00
bpfilter
bridge net: bridge: switchdev: don't notify FDB entries with "master dynamic" 2023-04-26 14:28:35 +02:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:50:24 +01:00
can can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos 2023-04-13 16:55:33 +02:00
ceph use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
core tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. 2023-05-11 23:03:26 +09:00
dcb
dccp netfilter: keep conntrack reference until IPsecv6 policy checks are done 2023-05-11 23:03:18 +09:00
dns_resolver
dsa net: dsa: tag_brcm: legacy: fix daisy-chained switches 2023-03-30 12:49:09 +02:00
ethernet net: gro: skb_gro_header helper function 2022-08-25 10:33:21 +02:00
ethtool ethtool: reset #lanes when lanes is omitted 2023-04-13 16:55:24 +02:00
hsr hsr: ratelimit only when errors are printed 2023-04-06 12:10:58 +02:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-10-07 09:29:17 +02:00
ife
ipv4 ipv4: Fix potential uninit variable access bug in __ip_make_skb() 2023-05-11 23:03:26 +09:00
ipv6 netfilter: keep conntrack reference until IPsecv6 policy checks are done 2023-05-11 23:03:18 +09:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:33:50 +01:00
kcm kcm: close race conditions on sk_receive_queue 2022-11-15 12:42:26 +01:00
key xfrm: Fix oops in __xfrm_state_delete() 2022-11-22 07:14:55 +01:00
l2tp inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). 2023-04-26 14:28:43 +02:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta 2023-04-13 16:55:19 +02:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-05 09:53:08 +01:00
mctp net: mctp: purge receive queues on sk destruction 2023-02-06 08:06:34 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:59:53 +01:00
mptcp mptcp: fix accept vs worker race 2023-05-01 08:26:27 +09:00
ncsi genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netfilter netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-11 23:03:42 +09:00
netlabel genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
netlink netlink: Use copy_to_user() for optval in netlink_getsockopt(). 2023-05-11 23:03:26 +09:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-02-09 11:28:06 +01:00
nfc nfc: change order inside nfc_se_io error path 2023-03-17 08:50:17 +01:00
nsh
openvswitch net: openvswitch: fix race on port output 2023-04-20 12:35:09 +02:00
packet net/packet: convert po->auxdata to an atomic flag 2023-05-11 23:03:18 +09:00
phonet
psample genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-04-20 12:35:09 +02:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-03-10 09:33:02 +01:00
rfkill
rose net/rose: Fix to not accept on connected socket 2023-02-22 12:59:42 +01:00
rxrpc rxrpc: Fix missing unlock in rxrpc_do_sendmsg() 2022-12-31 13:32:55 +01:00
sched net/sched: sch_fq: fix integer overflow of "credit" 2023-05-11 23:03:26 +09:00
sctp sctp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 14:28:43 +02:00
smc net/smc: fix deadlock triggered by cancel_delayed_work_syn() 2023-03-22 13:33:47 +01:00
strparser
sunrpc SUNRPC: remove the maximum number of retries in call_bind_status 2023-05-11 23:03:35 +09:00
switchdev
tipc tipc: fix kernel warning when sending SYN message 2023-02-22 12:59:53 +01:00
tls net: tls: fix device-offloaded sendpage straddling records 2023-03-17 08:50:26 +01:00
unix af_unix: fix struct pid leaks in OOB support 2023-03-17 08:50:28 +01:00
vmw_vsock net: vmw_vsock: vmci: Check memcpy_from_msg() 2022-12-31 13:32:26 +01:00
wireless wifi: cfg80211: fix MLO connection ownership 2023-03-22 13:33:43 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-09 11:28:13 +01:00
xdp xsk: Fix unaligned descriptor validation 2023-05-11 23:03:21 +09:00
xfrm xfrm: Zero padding when dumping algos and encap 2023-04-06 12:10:37 +02:00
compat.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
devres.c
Kconfig Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
Kconfig.debug net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET 2022-09-20 14:23:56 -07:00
Makefile Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
socket.c net: avoid double iput when sock_alloc_file fails 2023-03-10 09:34:34 +01:00
sysctl_net.c