References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject immediate NF_QUEUE verdict

nft_queue is always used from userspace nftables to deliver the NF_QUEUE
verdict. Immediately emitting an NF_QUEUE verdict is never used by the
userspace nft tools, so reject immediate NF_QUEUE verdicts.

The arp family does not provide queue support, but such an immediate
verdict is still reachable. Globally reject NF_QUEUE immediate verdicts
to address this issue.

https://git.kernel.org/stable/c/17dc5d5a935c771338430cbc156a16a51cfd31e8

https://git.kernel.org/stable/c/2f7f825a548be55420f0f5f716f6c27b9d312d3f

https://git.kernel.org/stable/c/42a47f4b1b7695026ab9bc1bb35d4622b0835c95

https://git.kernel.org/stable/c/4b12a3cc3f075e750cc3c5e693fd25fb400af4a2

https://git.kernel.org/stable/c/68390437a998c3f2c57212b413abef5e6d657d88

https://git.kernel.org/stable/c/da107398cbd4bbdb6bffecb2ce86d5c9384f4cec

https://git.kernel.org/stable/c/f140593901724cfbd16597c3a4fcb24a58ae44b0

https://git.kernel.org/stable/c/f710691be163ae6b39e4bcab9e5be32d329f035b