In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject mismatching sum of field_len with set key length

The field length description provides the length of each separated key field in the concatenation, each field gets rounded up to 32-bits to calculate the pipapo rule width from pipapo_init(). The set key length provides the total size of the key aligned to 32-bits.

Register-based arithmetics still allows for combining mismatching set key length and field length description, e.g. set key length 10 and field description [ 5, 4 ] leading to pipapo width of 12.
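The arithmetic in the description, worked through as an added example (not the kernel's code): a register-count comparison accepts key length 10 with fields [ 5, 4 ], while a byte-level comparison of the key length against the summed, 32-bit-rounded field lengths rejects it. The function names are hypothetical, and the strict check is one reading of "reject mismatching sum of field_len with set key length".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REG_SIZE 4u /* one 32-bit register, in bytes */

/* Bytes a length occupies once rounded up to 32 bits. */
static uint32_t round_up_reg(uint32_t len)
{
    return (len + REG_SIZE - 1) / REG_SIZE * REG_SIZE;
}

/* Width as the description states it: round each field up, then sum. */
uint32_t concat_width(const uint8_t *field_len, size_t n)
{
    uint32_t width = 0;
    for (size_t i = 0; i < n; i++)
        width += round_up_reg(field_len[i]);
    return width;
}

/* Weak check (hypothetical name): compares register counts only, so a
 * key length that is not itself 32-bit aligned can still match. */
int check_by_registers(uint32_t klen, const uint8_t *field_len, size_t n)
{
    return round_up_reg(klen) / REG_SIZE == concat_width(field_len, n) / REG_SIZE;
}

/* Strict check (hypothetical name): the key length in bytes must equal
 * the sum of the rounded field lengths. */
int check_by_bytes(uint32_t klen, const uint8_t *field_len, size_t n)
{
    return klen == concat_width(field_len, n);
}

int main(void)
{
    /* Constructed inputs; the first row is the mismatch from the description. */
    static const struct { uint32_t klen; uint8_t f[2]; } cases[] = {
        { 10, { 5, 4 } }, { 12, { 5, 4 } }, { 8, { 4, 4 } },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("klen=%u fields=[%u,%u] width=%u by_registers=%d by_bytes=%d\n",
               (unsigned)cases[i].klen, (unsigned)cases[i].f[0],
               (unsigned)cases[i].f[1], (unsigned)concat_width(cases[i].f, 2),
               check_by_registers(cases[i].klen, cases[i].f, 2),
               check_by_bytes(cases[i].klen, cases[i].f, 2));
    return 0;
}
```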
No PoCs from references.
- https://github.com/Sh1r0ko11/redmagic-9spro-exploits
- https://github.com/w4zu/Debian_security