Merge pull request 'fixes CVE-2024-1086' (#4) from jonathan/kernel:CVE-2024-1086-al8 into a8
Reviewed-on: #4 Reviewed-by: eabdullin <eabdullin@noreply.git.almalinux.org>
This commit is contained in:
commit
c999456e26
34
SOURCES/CVE-2024-1086.patch
Normal file
34
SOURCES/CVE-2024-1086.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||||||
|
index c52a1dd1b..3ff44747e 100644
|
||||||
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
|
@@ -8583,16 +8583,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||||||
|
data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
|
||||||
|
|
||||||
|
switch (data->verdict.code) {
|
||||||
|
- default:
|
||||||
|
- switch (data->verdict.code & NF_VERDICT_MASK) {
|
||||||
|
- case NF_ACCEPT:
|
||||||
|
- case NF_DROP:
|
||||||
|
- case NF_QUEUE:
|
||||||
|
- break;
|
||||||
|
- default:
|
||||||
|
- return -EINVAL;
|
||||||
|
- }
|
||||||
|
- /* fall through */
|
||||||
|
+ case NF_ACCEPT:
|
||||||
|
+ case NF_DROP:
|
||||||
|
+ case NF_QUEUE:
|
||||||
|
+ break;
|
||||||
|
case NFT_CONTINUE:
|
||||||
|
case NFT_BREAK:
|
||||||
|
case NFT_RETURN:
|
||||||
|
@@ -8611,6 +8605,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||||||
|
chain->use++;
|
||||||
|
data->verdict.chain = chain;
|
||||||
|
break;
|
||||||
|
+ default:
|
||||||
|
+ return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
desc->len = sizeof(data->verdict);
|
@ -38,10 +38,11 @@
|
|||||||
# define buildid .local
|
# define buildid .local
|
||||||
|
|
||||||
%define specversion 4.18.0
|
%define specversion 4.18.0
|
||||||
%define pkgrelease 513.18.1.el8_9
|
%define pkgrelease 513.18.2.el8_9
|
||||||
|
|
||||||
# allow pkg_release to have configurable %%{?dist} tag
|
# allow pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 513.18.1%{?dist}
|
# alma patched to 513.18.2 but still using 513.18.1 sources plus patch file
|
||||||
|
%define specrelease 513.18.2%{?dist}
|
||||||
|
|
||||||
%define pkg_release %{specrelease}%{?buildid}
|
%define pkg_release %{specrelease}%{?buildid}
|
||||||
|
|
||||||
@ -526,6 +527,7 @@ Patch999999: linux-kernel-test.patch
|
|||||||
|
|
||||||
Patch1000: debrand-single-cpu.patch
|
Patch1000: debrand-single-cpu.patch
|
||||||
Patch1002: debrand-rh-i686-cpu.patch
|
Patch1002: debrand-rh-i686-cpu.patch
|
||||||
|
Patch1003: CVE-2024-1086.patch
|
||||||
|
|
||||||
Patch1100: 1100-KVM-x86-mmu-Fix-an-sign-extension-bug-with-mmu_seq-t.patch
|
Patch1100: 1100-KVM-x86-mmu-Fix-an-sign-extension-bug-with-mmu_seq-t.patch
|
||||||
|
|
||||||
@ -1092,6 +1094,8 @@ mv linux-%{specversion}-%{pkgrelease} linux-%{KVERREL}
|
|||||||
|
|
||||||
cd linux-%{KVERREL}
|
cd linux-%{KVERREL}
|
||||||
|
|
||||||
|
ApplyPatch CVE-2024-1086.patch
|
||||||
|
|
||||||
ApplyOptionalPatch debrand-single-cpu.patch
|
ApplyOptionalPatch debrand-single-cpu.patch
|
||||||
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
ApplyOptionalPatch debrand-rh-i686-cpu.patch
|
||||||
# Already applied in the source tarball
|
# Already applied in the source tarball
|
||||||
@ -2692,6 +2696,9 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 29 2024 Jonathan Wright <jonathan@almalinux.org> [4.18.0-513.18.2.el8_9]
|
||||||
|
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086}
|
||||||
|
|
||||||
* Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
|
* Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]
|
||||||
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
|
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
|
||||||
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
|
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
|
||||||
|
Loading…
Reference in New Issue
Block a user