)]}'
{
  "commit": "b9830e08e06afddb85dda3efe62bd12fc6ca078e",
  "tree": "aa07e9b29a5cc2b9c2f6307cbb1f9551ae5e962d",
  "parents": [
    "b9353256bb44b3b3319c7e47707d9c4796f610de"
  ],
  "author": {
    "name": "Phil Sutter",
    "email": "phil@nwl.cc",
    "time": "Wed Feb 16 15:55:38 2022 +0100"
  },
  "committer": {
    "name": "Michael Kochera",
    "email": "kochera@google.com",
    "time": "Fri Jan 26 14:51:45 2024 +0000"
  },
  "message": "netfilter: nf_tables: Reject tables of unsupported family\n\ncommit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream.\n\nAn nftables family is merely a hollow container, its family just a\nnumber and such not reliant on compile-time options other than nftables\nsupport itself. Add an artificial check so attempts at using a family\nthe kernel can\u0027t support fail as early as possible. This helps user\nspace detect kernels which lack e.g. NFPROTO_INET.\n\nBUG\u003db/321923857\nTEST\u003dNone\nRELEASE_NOTE\u003dFixed CVE-2023-6040 in the linux kernel.\n\ncos-patch: security-high\nChange-Id: I730b947d2d8e248a7ad1fed28e55cbf154118fb3\nSigned-off-by: Phil Sutter \u003cphil@nwl.cc\u003e\nSigned-off-by: Pablo Neira Ayuso \u003cpablo@netfilter.org\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/64188\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nReviewed-by: Oleksandr Tymoshenko \u003covt@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3ee0f632a9424c81d0738452053478797ca34270",
      "old_mode": 33188,
      "old_path": "net/netfilter/nf_tables_api.c",
      "new_id": "3556818c7162fb8784cfd45c7c2f79c23bea1252",
      "new_mode": 33188,
      "new_path": "net/netfilter/nf_tables_api.c"
    }
  ]
}