[tg180]

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

> netfilter: nf_tables: accept QUEUE/DROP verdict parameters

> Allow userspace to specify the queue number or the errno code for QUEUE and DROP verdicts.

[loeg]

Yeah, but why?

[rokkitmensch]

If one has to ask, it's a Five Eyes plant.

[aseipp]

Hardly. This is just a typical double free vulnerability, AKA a normal Tuesday in the C/C++ world, and which people have been exploiting in the kernel (with its complex object lifetimes and semantics) for well over 10 years now. There's no need to "plant" anything to find these.

[rokkitmensch]

Which makes it a fine cover!