nf_tables: nft_dynset: fix possible stateful expression memleak in error path
Platform
linux
Fixed in
d1354873cbe3b344899c4311ac05897fd83e3f21
In the Linux kernel, the following vulnerability has been resolved:

nf_tables: nft_dynset: fix possible stateful expression memleak in error path

If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released.

    unreferenced object (percpu) 0x607b97e9cab8 (size 16):
      comm "softirq", pid 0, jiffies 4294931867
      hex dump (first 16 bytes on cpu 3):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      backtrace (crc 0):
        pcpu_alloc_noprof+0x453/0xd80
        nft_counter_clone+0x9c/0x190 [nf_tables]
        nft_expr_clone+0x8f/0x1b0 [nf_tables]
        nft_dynset_new+0x2cb/0x5f0 [nf_tables]
        nft_rhash_update+0x236/0x11c0 [nf_tables]
        nft_dynset_eval+0x11f/0x670 [nf_tables]
        nft_do_chain+0x253/0x1700 [nf_tables]
        nft_do_chain_ipv4+0x18d/0x270 [nf_tables]
        nf_hook_slow+0xaa/0x1e0
        ip_local_deliver+0x209/0x330
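The error path described above, as an added userspace C model (not the kernel's code or the upstream patch): the second clone is forced to fail and the number of allocations left behind is compared with and without unwinding. The names `struct expr`, `expr_clone`, `elem_clone`, `leaked_after_failure`, `live_allocs` and `fail_after` are hypothetical, and a forced `NULL` stands in for the failed GFP_ATOMIC allocation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model (assumption, not kernel code): one allocation per expression. */
struct expr { long *state; };
static int live_allocs;      /* allocations not yet released */
static int fail_after = -1;  /* clones that succeed before one is failed */

static int expr_clone(struct expr *dst, const struct expr *src)
{
    dst->state = (fail_after-- == 0) ? NULL : malloc(sizeof(long));
    if (!dst->state)
        return -1;           /* models a failed GFP_ATOMIC allocation */
    *dst->state = *src->state;
    live_allocs++;
    return 0;
}

/* fixed != 0 releases the clones made before a failure; fixed == 0 leaks them. */
static int elem_clone(struct expr *dst, const struct expr *src, int n, int fixed)
{
    for (int i = 0; i < n; i++) {
        if (expr_clone(&dst[i], &src[i]) == 0)
            continue;
        while (fixed && --i >= 0) {      /* unwind the earlier clones */
            free(dst[i].state);
            dst[i].state = NULL;
            live_allocs--;
        }
        return -1;
    }
    return 0;
}

/* Fail the second clone; return how many allocations were left behind. */
int leaked_after_failure(int fixed)
{
    long a = 1, b = 2;
    struct expr src[2] = { { &a }, { &b } }, dst[2] = { { NULL }, { NULL } };
    live_allocs = 0, fail_after = 1;
    int rc = elem_clone(dst, src, 2, fixed), leaked = live_allocs;
    free(dst[0].state);      /* tidy up so the demo itself leaks nothing */
    return rc < 0 ? leaked : -1;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked_after_failure(0), leaked_after_failure(1));
}
```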
How to fix
Update the Linux kernel to a version that includes the fix for this issue. The fix is available in commits d1354873cbe3b344899c4311ac05897fd83e3f21, 31641c682db73353e4647e40735c7f2a75ff58ef and c88a9fd26cee365bec932196f76175772a941cca in the Linux kernel Git repository. Consult your Linux distribution's release notes for information on how to update the kernel.