Nopatch CVE-2023-4244 and CVE-2023-5197 (#6452)

2023-10-17 11:39:41 -07:00 · 2023-10-17 11:39:41 -07:00 · 23219abfad
--- a/SPECS/kernel/CVE-2023-4244.nopatch
+++ b/SPECS/kernel/CVE-2023-4244.nopatch
@ -0,0 +1,35 @@
+CVE-2023-4244 - patched in 5.15.134.1
+
+-- NIST listed patches
+netfilter: nf_tables: remove busy mark and gc batch API
+upstream: a2dd0233cbc4d8a0abb5f64487487ffc9265beb5
+stable: 8f24fe69e3caf56e2d5eeed0f7b249591206ca72
+
+netfilter: nft_set_hash: mark set element as dead when deleting from packet path
+upstream: c92db3030492b8ad1d0faace7a93bbcf53850d0c 
+stable: b290795bd26fed903fa755f4e59616d55d10c4e1
+
+netfilter: nf_tables: adapt set backend to use GC transaction API
+upstream: f6c383b8c31a93752a52697f8430a71dcbc46adf 
+stable: 479a2cf5259347d6a1f658b0f791d27a34908e91
+
+netfilter: nf_tables: GC transaction API to avoid race with control plane
+upstream: 5f68718b34a531a556f2f50300ead2862278da26 
+stable: d19e8bf3ea4114dd21fc35da21f398203d7f7df1
+
+netfilter: nf_tables: don't skip expired elements during walk
+upstream: 24138933b97b055d486e8064b4a1721702442a9b 
+stable: 7c7e658a36f8b1522bd3586d8137e5f93a25ddc5
+
+-- additional relevant patches
+netfilter: nft_dynset: disallow object maps
+upstream: 23185c6aed1ffb8fc44087880ba2767aba493779
+stable: bf221e5e4b19c5b463af94281cb3dc4f8c792741
+
+netfilter: nf_tables: GC transaction race with netns dismantle
+upstream: 02c6c24402bf1c1e986899c14ba22a10b510916b 
+stable: 24707fa1e1f996ec05cf36716d47bfe0bdcad001 
+
+netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
+upstream: 6a33d8b73dfac0a41f3877894b38082bd0c9a5bc 
+stable: 6796800f0d8e5a892bceca7c198c115c4ca9d719 
--- a/SPECS/kernel/CVE-2023-5197.nopatch
+++ b/SPECS/kernel/CVE-2023-5197.nopatch
@ -0,0 +1,3 @@
+CVE-2023-5197 - patched in 5.15.134.1
+Upstream: f15f29fd4779be8a418b66e9d52979bb6d6c2325 
+Stable: 0c5fd85fb01fa1a5dbb9f213b0d1925e671f30df