Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c ("netfilter: xtables: use NFPROTO_UNSPEC in more extensions") to allow ipv4 and ipv6 only. - xt_mac - xt_owner - xt_physdev These extensions are not used by ebtables in userspace. Moreover, xt_realm is only for ipv4, since dst->tclassid is ipv4 specific.
Product status
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before 14203f9edf944b3fb63faadd62f38452421ecdfc
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before 7eaf9c740f33230cb224dc265f3c69f8531ff57b
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before 9a109751b297b0f2135495749ef5a18ba31ec7d4
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before cbeb259f31382de70a70a59ffd0e66f5e80d9818
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before 689a91ff18d6448d94c1ab7c076fecdb2b668bef
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before 76160e04440c9698b989dbd9492a7ec4f520c9ee
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before fa88161ef56e29bdaa05cc89dbc4ee221e94bfe9
ab4f21e6fb1c09b13c4c3cb8357babe8223471bd (git) before b6fe26f86a1649f84e057f3f15605b08eda15497
2.6.28
Any version before 2.6.28
5.10.258 (semver)
5.15.209 (semver)
6.1.175 (semver)
6.6.141 (semver)
6.12.91 (semver)
6.18.33 (semver)
7.0.10 (semver)
7.1 (original_commit_for_fix)
References
git.kernel.org/...c/14203f9edf944b3fb63faadd62f38452421ecdfc
git.kernel.org/...c/7eaf9c740f33230cb224dc265f3c69f8531ff57b
git.kernel.org/...c/9a109751b297b0f2135495749ef5a18ba31ec7d4
git.kernel.org/...c/cbeb259f31382de70a70a59ffd0e66f5e80d9818
git.kernel.org/...c/689a91ff18d6448d94c1ab7c076fecdb2b668bef
git.kernel.org/...c/76160e04440c9698b989dbd9492a7ec4f520c9ee
git.kernel.org/...c/fa88161ef56e29bdaa05cc89dbc4ee221e94bfe9
git.kernel.org/...c/b6fe26f86a1649f84e057f3f15605b08eda15497