* Update on UAF in ip6_do_table on 4.19.X kernel
@ 2020-01-20 22:36 stranche
0 siblings, 0 replies; only message in thread
From: stranche @ 2020-01-20 22:36 UTC (permalink / raw)
To: netfilter-devel; +Cc: subashab
Hi all,
Following up on the thread we submitted earlier here:
https://lore.kernel.org/netfilter-devel/44a69247-87bd-905d-bd1c-e9dcb5027641@gmail.com/
In short, we've seen that on the 4.19.X kernels, there is a crash in the
Xtables framework where the jumpstack can potentially be used after it
is freed. We've narrowed down the cause of this crash to a single patch:
f31e5f1a891f ("netfilter: unlock xt_table earlier in __do_replace"); if
this patch is reverted, the crash is no longer seen.
It seems that the xt_table lock is needed for get_old_counters() to be
synchronized properly with the rest of the framework.
Thanks,
Sean
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-01-20 22:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-20 22:36 Update on UAF in ip6_do_table on 4.19.X kernel stranche
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).