commit | ec54f531f46e7df92d25d2e72aac3902cb8588cc | [log] [tgz] |
---|---|---|
author | Pablo Neira Ayuso <[email protected]> | Wed Feb 07 18:49:51 2024 +0100 |
committer | COS Cherry Picker <[email protected]> | Mon Feb 26 14:40:17 2024 -0800 |
tree | 2b829307804a69e737dbb0c31161068ab1b5b744 | |
parent | d3ad8c9dff2d3aba02a53bf1c4337e07ac58a008 [diff] |
netfilter: nft_set_rbtree: skip end interval element from gc commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 upstream. rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. BUG=b/325656688 TEST=presubmit RELEASE_NOTE=Fixed CVE-2024-26581 in the Linux kernel. cos-patch: security-high Fixes: f718863aca46 ("netfilter: nft_set_rbtree: fix overlap expiration walk") Cc: [email protected] Reported-by: lonial con <[email protected]> Change-Id: If8cc1a513a524d4e45cd8a7eceaab97aa9109410 Signed-off-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> (cherry picked from commit 1296c110c5a0b45a8fcf58e7d18bc5da61a565cb) Signed-off-by: Robert Kolchmeyer <[email protected]> Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/65323 Tested-by: Cusky Presubmit Bot <[email protected]> Main-Branch-Verified: Cusky Presubmit Bot <[email protected]> Reviewed-by: Oleksandr Tymoshenko <[email protected]>