mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 18:11:39 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Florian Westphal 8a2df34b5b netfilter: nf_tables: fix null deref due to zeroed list head 
commit 580077855a upstream.

In nf_tables_updtable, if nf_tables_table_enable returns an error,
nft_trans_destroy is called to free the transaction object.

nft_trans_destroy() calls list_del(), but the transaction was never
placed on a list -- the list head is all zeroes, this results in
a null dereference:

BUG: KASAN: null-ptr-deref in nft_trans_destroy+0x26/0x59
Call Trace:
 nft_trans_destroy+0x26/0x59
 nf_tables_newtable+0x4bc/0x9bc
 [..]

Its sane to assume that nft_trans_destroy() can be called
on the transaction object returned by nft_trans_alloc(), so
make sure the list head is initialised.

Fixes: 55dd6f9307 ("netfilter: nf_tables: use new transaction infrastructure to handle table")
Reported-by: mingi cho <mgcho.minic@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-17 14:22:59 +02:00
..
6lowpan
9p xen/9p: use alloc/free_pages_exact() 2022-03-11 12:22:36 +01:00
802
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:04:53 +01:00
appletalk
atm
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2022-06-22 14:22:01 +02:00
batman-adv batman-adv: Use netif_rx_any_context() any. 2022-07-29 17:25:07 +02:00
bluetooth Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put 2022-08-03 12:03:40 +02:00
bpf bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide 2022-04-13 20:59:25 +02:00
bpfilter
bridge netfilter: br_netfilter: do not skip all hooks with 0 priority 2022-07-21 21:24:34 +02:00
caif
can can: bcm: use call_rcu() instead of costly synchronize_rcu() 2022-07-12 16:34:48 +02:00
ceph libceph: fix potential use-after-free on linger ping and resends 2022-05-25 09:57:28 +02:00
core tcp: Fix data-races around sysctl knobs related to SYN option. 2022-07-29 17:25:22 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:12:52 +01:00
dccp
decnet net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:03:51 +02:00
dns_resolver
dsa net: dsa: Add missing of_node_put() in dsa_port_link_register_of 2022-05-09 09:14:34 +02:00
ethernet
ethtool ethtool: Fix get module eeprom fallback 2022-06-29 09:03:23 +02:00
hsr net: Write lock dev_base_lock without disabling bottom halves. 2022-06-29 09:03:22 +02:00
ieee802154 net: ieee802154: Return meaningful error codes from the netlink helpers 2022-02-08 18:34:09 +01:00
ife
ipv4 ipv4: Fix data-races around sysctl_fib_notify_on_flag_change. 2022-08-03 12:03:52 +02:00
ipv6 tcp: Fix data-races around sysctl_tcp_reflect_tos. 2022-08-03 12:03:52 +02:00
iucv
kcm
key Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" 2022-06-14 18:36:22 +02:00
l2tp ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg 2022-06-22 14:21:58 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 14:38:53 +02:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-28 09:58:46 +02:00
mac80211 wifi: mac80211: fix queue selection for mesh/OCB interfaces 2022-07-21 21:24:13 +02:00
mac802154
mctp mctp: Fix check for dev_hard_header() result 2022-04-13 20:59:16 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:04:47 +01:00
mptcp net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:03:51 +02:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:42:37 +01:00
netfilter netfilter: nf_tables: fix null deref due to zeroed list head 2022-08-17 14:22:59 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-13 20:59:10 +02:00
netlink netlink: do not reset transport header in netlink_recvmsg() 2022-05-18 10:26:49 +02:00
netrom netrom: fix api breakage in nr_setsockopt() 2022-01-27 11:04:00 +01:00
nfc NFC: NULL out the dev->rfkill to prevent UAF 2022-06-09 10:22:46 +02:00
nsh
openvswitch net: openvswitch: fix parsing of nw_proto for IPv6 fragments 2022-06-29 09:03:18 +02:00
packet net/packet: fix packet_sock xmit return value checking 2022-04-27 14:38:53 +02:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:35:16 +01:00
psample
qrtr
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:32:42 +01:00
rfkill rfkill: make new event layout opt-in 2022-04-08 14:23:00 +02:00
rose net: rose: fix UAF bug caused by rose_t0timer_expiry 2022-07-12 16:34:50 +02:00
rxrpc rxrpc: Fix locking issue 2022-07-12 16:35:08 +02:00
sched net/sched: act_api: Notify user space if any actions were flushed before error 2022-07-07 17:53:27 +02:00
sctp sctp: leave the err path free in sctp_stream_init to sctp_stream_free 2022-08-03 12:03:54 +02:00
smc tcp: Fix data-races around keepalive sysctl knobs. 2022-07-29 17:25:17 +02:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 19:17:11 +01:00
sunrpc SUNRPC: Fix READ_PLUS crasher 2022-07-07 17:53:25 +02:00
switchdev
tipc net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:03:51 +02:00
tls net/tls: Remove the context from the list in tls_device_down 2022-08-03 12:03:47 +02:00
unix af_unix: Fix a data-race in unix_dgram_peer_wake_me(). 2022-06-14 18:36:17 +02:00
vmw_vsock vsock/virtio: enable VQs early on probe 2022-04-08 14:23:51 +02:00
wireless cfg80211: declare MODULE_FIRMWARE for regulatory.db 2022-06-09 10:23:26 +02:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-04-08 14:23:53 +02:00
xdp xsk: Clear page contiguity bit when unmapping pool 2022-07-12 16:35:15 +02:00
xfrm ip: Fix data-races around sysctl_ip_no_pmtu_disc. 2022-07-29 17:25:13 +02:00
compat.c
devres.c
Kconfig
Makefile
socket.c net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets 2022-01-27 11:03:52 +01:00
sysctl_net.c