netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

Phil Sutter requested to merge psutter1/centos-stream-9:c9s/bz2214035 into main-rt

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2214035
Upstream Status: all upstream in linus.git
CVE: CVE-2023-3390

In comparison to non-rt MR!2770, there is one extra backport: d46fc894147cf ("netfilter: nf_tables: validate catch-all set elements"). It was missing in main-rt and caused a context conflict with the next one. Since it is clearly a fix to a commit which has been backported, I decided to pull it in as well instead of manually resolving the (trivial) conflict.

Signed-off-by: Phil Sutter <psutter@redhat.com>