IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-57947

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_set_pipapo: fix initial map fill

The initial buffer has to be initialized to all-ones, but it must restrict it to the size of the first field, not the total field size.

After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds' result map.

This makes pipapo find incorrect matching results for sets where the first field size is not the largest.

Followup patch adds a test case to the nft_concat_range.sh selftest script.

Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly; only correcting the memset() argument isn't enough.
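The mechanism in the description (an all-ones result map sized to the largest field, an AND over only the first field's bsize longs, a refill that clears only what it consumed, then a swap) can be modelled in a few dozen lines. The following is an added example written for this page, not kernel code: it reduces each field to one pre-selected bucket bitmap, assumes an identity rule mapping between consecutive fields (the real code maps through f->mt), and uses a hypothetical three-field set whose first field has bsize 1 while bsize_max is 2. `init_buggy` is the old memset over bsize_max; `init_fixed` mirrors the described fix, all-ones over the first field's bsize and explicit zeroes for the remainder.

```c
/* Simplified model of the nf_set_pipapo initial-map-fill bug.
 * Added example, not kernel code; field/bucket layout is hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define MAX_LONGS 2 /* bsize_max of the example set */

struct field {
	unsigned int bsize;              /* longs in this field's rule bitmap */
	unsigned long bucket[MAX_LONGS]; /* rules matching the key in this field */
};

struct match {
	unsigned int field_count;
	unsigned int bsize_max;          /* largest f->bsize over all fields */
	struct field f[3];
};

/* Constructed set: first field smaller than bsize_max (the buggy case).
 * Field 1 matches nothing, so a correct lookup must fail. */
static const struct match example_set = {
	.field_count = 3,
	.bsize_max = 2,
	.f = {
		{ .bsize = 1, .bucket = { 1UL, 0UL } }, /* rule 0 matches */
		{ .bsize = 2, .bucket = { 0UL, 0UL } }, /* no rule matches */
		{ .bsize = 2, .bucket = { 0UL, 1UL } }, /* rule BITS_PER_LONG matches */
	},
};

typedef void (*init_fn)(const struct match *, unsigned long *);

/* Old behaviour: all-ones over the whole bsize_max, not just field 0. */
static void init_buggy(const struct match *m, unsigned long *res)
{
	memset(res, 0xff, m->bsize_max * sizeof(*res));
}

/* Fixed behaviour: ones over the first field's bsize, zero the rest. */
static void init_fixed(const struct match *m, unsigned long *res)
{
	unsigned int i;

	for (i = 0; i < m->f[0].bsize; i++)
		res[i] = ULONG_MAX;
	for (i = m->f[0].bsize; i < m->bsize_max; i++)
		res[i] = 0;
}

/* Returns the matching rule index in the last field, or -1. */
static int lookup(const struct match *m, init_fn init)
{
	unsigned long map_a[MAX_LONGS] = { 0 }, map_b[MAX_LONGS] = { 0 };
	unsigned long *res = map_a, *fill = map_b, *tmp;
	unsigned int i, k;

	init(m, res);
	for (i = 0; i < m->field_count; i++) {
		const struct field *f = &m->f[i];
		bool last = i == m->field_count - 1;

		/* AND the bucket in, over f->bsize longs only */
		for (k = 0; k < f->bsize; k++)
			res[k] &= f->bucket[k];

		if (last) {
			for (k = 0; k < f->bsize; k++)
				if (res[k])
					return (int)(k * BITS_PER_LONG + __builtin_ctzl(res[k]));
			return -1;
		}

		/* Refill next field's map (identity mapping here) and clear
		 * only the longs consumed; longs beyond f->bsize keep
		 * whatever init() left there, which is the leak. */
		for (k = 0; k < f->bsize; k++) {
			fill[k] |= res[k];
			res[k] = 0;
		}
		tmp = res; res = fill; fill = tmp;
	}
	return -1;
}

int lookup_buggy(void) { return lookup(&example_set, init_buggy); }
int lookup_fixed(void) { return lookup(&example_set, init_fixed); }

int main(void)
{
	printf("buggy init: match = %d\n", lookup_buggy());
	printf("fixed init: match = %d\n", lookup_fixed());
	return 0;
}
```

With the buggy initialisation the stale all-ones long beyond field 0's bsize survives the first refill and swap, so field 2 reports a match (rule index BITS_PER_LONG) even though field 1 rejected the key; with the remainder zeroed, the lookup correctly returns -1.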

POC

Reference

No PoCs from references.

Github

- https://github.com/fkie-cad/nvd-json-data-feeds