SUSE CVE-2024-6284

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended might block or not block the desired addresses. This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was fixe...

UBUNTU-CVE-2024-6284

In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended might block or not block the desired addresses. This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was...

Important: kernel-livepatch-4.14.336-257.568

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-len is a multiple of 4, then dstlen / 4 can write past the destination array which leads to stack corruption. This construct is necessary to clean th...

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...