Commit b429df81 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Dong Chenchen
Browse files

netfilter: nft_set_rbtree: skip end interval element from gc 

stable inclusion
from stable-v5.10.209
commit 4cee42fcf54fec46b344681e7cc4f234bb22f85a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92HII
CVE: CVE-2024-26581

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4cee42fcf54fec46b344681e7cc4f234bb22f85a



--------------------------------

commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0 upstream.

rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active.

Fixes: f718863a ("netfilter: nft_set_rbtree: fix overlap expiration walk")
Cc: stable@vger.kernel.org
Reported-by: default avatarlonial con <kongln9170@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarDong Chenchen <dongchenchen2@huawei.com>
parent e0a00cd6
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment