forked from rpms/kernel
Merge pull request 'fixes CVE-2024-1086' (#3) from jonathan/kernel:CVE-2024-1086 into a9
Reviewed-on: rpms/kernel#3 Reviewed-by: eabdullin <eabdullin@noreply.git.almalinux.org>
This commit is contained in:
commit
f131bee94b
34
SOURCES/CVE-2024-1086.patch
Normal file
34
SOURCES/CVE-2024-1086.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||||||
|
index 38ff119ab..11f4b1aab 100644
|
||||||
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
|
@@ -10442,16 +10442,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||||||
|
data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
|
||||||
|
|
||||||
|
switch (data->verdict.code) {
|
||||||
|
- default:
|
||||||
|
- switch (data->verdict.code & NF_VERDICT_MASK) {
|
||||||
|
- case NF_ACCEPT:
|
||||||
|
- case NF_DROP:
|
||||||
|
- case NF_QUEUE:
|
||||||
|
- break;
|
||||||
|
- default:
|
||||||
|
- return -EINVAL;
|
||||||
|
- }
|
||||||
|
- fallthrough;
|
||||||
|
+ case NF_ACCEPT:
|
||||||
|
+ case NF_DROP:
|
||||||
|
+ case NF_QUEUE:
|
||||||
|
+ break;
|
||||||
|
case NFT_CONTINUE:
|
||||||
|
case NFT_BREAK:
|
||||||
|
case NFT_RETURN:
|
||||||
|
@@ -10486,6 +10480,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||||||
|
|
||||||
|
data->verdict.chain = chain;
|
||||||
|
break;
|
||||||
|
+ default:
|
||||||
|
+ return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
desc->len = sizeof(data->verdict);
|
@ -161,13 +161,14 @@ Summary: The Linux kernel
|
|||||||
# define buildid .local
|
# define buildid .local
|
||||||
%define specversion 5.14.0
|
%define specversion 5.14.0
|
||||||
%define patchversion 5.14
|
%define patchversion 5.14
|
||||||
%define pkgrelease 362.24.1
|
%define pkgrelease 362.24.2
|
||||||
%define kversion 5
|
%define kversion 5
|
||||||
%define tarfile_release 5.14.0-362.24.1.el9_3
|
%define tarfile_release 5.14.0-362.24.1.el9_3
|
||||||
# This is needed to do merge window version magic
|
# This is needed to do merge window version magic
|
||||||
%define patchlevel 14
|
%define patchlevel 14
|
||||||
# This allows pkg_release to have configurable %%{?dist} tag
|
# This allows pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 362.24.1%{?buildid}%{?dist}
|
# alma patched to 362.24.2 but still using 362.24.1 sources plus patch file
|
||||||
|
%define specrelease 362.24.2%{?buildid}%{?dist}
|
||||||
# This defines the kabi tarball version
|
# This defines the kabi tarball version
|
||||||
%define kabiversion 5.14.0-362.24.1.el9_3
|
%define kabiversion 5.14.0-362.24.1.el9_3
|
||||||
|
|
||||||
@ -949,6 +950,7 @@ Patch1: patch-%{patchversion}-redhat.patch
|
|||||||
|
|
||||||
# AlmaLinux patches
|
# AlmaLinux patches
|
||||||
Patch1001: 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
|
Patch1001: 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
|
||||||
|
Patch1002: CVE-2024-1086.patch
|
||||||
|
|
||||||
# empty final patch to facilitate testing of kernel patches
|
# empty final patch to facilitate testing of kernel patches
|
||||||
Patch999999: linux-kernel-test.patch
|
Patch999999: linux-kernel-test.patch
|
||||||
@ -1695,6 +1697,7 @@ ApplyOptionalPatch patch-%{patchversion}-redhat.patch
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
ApplyPatch 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
|
ApplyPatch 0001-nvme-pci-add-BOGUS_NID-for-Intel-0a54-device.patch
|
||||||
|
ApplyPatch CVE-2024-1086.patch
|
||||||
|
|
||||||
ApplyOptionalPatch linux-kernel-test.patch
|
ApplyOptionalPatch linux-kernel-test.patch
|
||||||
|
|
||||||
@ -3741,6 +3744,9 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 29 2024 Jonathan Wright <jonathan@almalinux.org> [5.14.0-362.24.2.el9_3]
|
||||||
|
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086}
|
||||||
|
|
||||||
* Thu Feb 15 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.24.1.el9_3]
|
* Thu Feb 15 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.24.1.el9_3]
|
||||||
- RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882]
|
- RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882]
|
||||||
- drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042}
|
- drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042}
|
||||||
|
Loading…
Reference in New Issue
Block a user