Commit a9e34de
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
jira VULN-4970
cve CVE-2024-27020
commit-author Ziyang Xuan <william.xuanziyang@huawei.com>
commit f969eb8
nft_unregister_expr() can concurrent with __nft_expr_type_get(),
and there is not any protection when iterate over nf_tables_expressions
list in __nft_expr_type_get(). Therefore, there is potential data-race
of nf_tables_expressions list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_expressions
list in __nft_expr_type_get(), and use rcu_read_lock() in the caller
nft_expr_type_get() to protect the entire type query process.
Fixes: ef1f7df ("netfilter: nf_tables: expression ops overloading")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit f969eb8)
Signed-off-by: CIQ Kernel Automation <ciq_kernel_automation@ciq.com>1 parent 66f0b1c commit a9e34de
1 file changed
Lines changed: 6 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
2807 | 2807 | | |
2808 | 2808 | | |
2809 | 2809 | | |
2810 | | - | |
| 2810 | + | |
2811 | 2811 | | |
2812 | 2812 | | |
2813 | 2813 | | |
| |||
2839 | 2839 | | |
2840 | 2840 | | |
2841 | 2841 | | |
| 2842 | + | |
2842 | 2843 | | |
2843 | | - | |
| 2844 | + | |
| 2845 | + | |
2844 | 2846 | | |
| 2847 | + | |
| 2848 | + | |
2845 | 2849 | | |
2846 | 2850 | | |
2847 | 2851 | | |
| |||
0 commit comments