Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Initialize registers to avoid stack leak into userspace.
>
> Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
As per David, my assessment was incorrect, this needs to be
Fixes: 96518518cc41 ("netfilter: add nftables")
... because its possible to exfiltrate via cmp+imm and observe if there
is a match (accept/drop/counter, etc).
Patch is correct though, please consider pushing this out with updates
fixes tag.
Thanks!
