In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
Register store validation for NFT_DATA_VALUE is conditional; however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. Removing
the conditional check only requires a new helper function that infers the
register type from the set datatype. Without this full validation, a
pointer to a chain object (a kernel address) can be leaked through the registers.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"versions": [
{
"version": "96518518cc41",
"lessThan": "40188a25a984",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "23752737c6a6",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "5d43d789b579",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "461302e07f49",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "efb27ad05949",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "952bf8df2225",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "41a6375d48de",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "7931d32955e0",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"versions": [
{
"version": "3.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.97",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.37",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.8",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007