In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy, nfnetlink_cttimeout might remove it. The use of templates with zone and event cache filter are safe, since this just copies values. Flush these enqueued packets in case the template rule gets removed.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: xt_CT: descartar paquetes pendientes encolados al eliminar la plantilla Las plantillas se refieren a objetos que pueden desaparecer mientras los paquetes están en nfqueue, se refieren a: - helper, esto puede ser un problema al eliminar el módulo. - política de tiempo de espera, nfnetlink_cttimeout podría eliminarla. El uso de plantillas con filtro de caché de zona y eventos es seguro, ya que esto solo copia valores. Vaciar estos paquetes encolados en caso de que la regla de plantilla sea eliminada.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Type: Secondary
Exploitability Score: 1.8
Impact Score: 5.9
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8344ce80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc1dfe40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc335d80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd26d680> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8052ea40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8052e900> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8344d180> | Operating System |
| linux | linux_kernel | 3.4 | <built-in method update of dict object at 0x702bdd67d540> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b8344c840> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702b8052fa40> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bddae7200> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdd67c140> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bfc1dd2c0> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bfc1dd780> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bfc1dde80> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:3.4:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* |