Bug 2225239 (CVE-2023-4147) - CVE-2023-4147 kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
Summary: CVE-2023-4147 kernel: netfilter: nf_tables_newrule when adding a rule with NF...
Keywords:
Status: NEW
Alias: CVE-2023-4147
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2225270 2225271 2228989 2228990 2228991 2228992 2228993 2228994 2228995 2229467
Blocks: 2225238
TreeView+ depends on / blocked
 
Reported: 2023-07-24 18:01 UTC by Alex
Modified: 2023-11-21 12:24 UTC (History)
52 users (show)

Fixed In Version: Kernel 6.5-rc4
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5162 0 None None None 2023-09-14 08:11:49 UTC
Red Hat Product Errata RHSA-2023:5069 0 None None None 2023-09-12 10:14:22 UTC
Red Hat Product Errata RHSA-2023:5091 0 None None None 2023-09-12 09:51:00 UTC
Red Hat Product Errata RHSA-2023:5093 0 None None None 2023-09-12 09:52:28 UTC
Red Hat Product Errata RHSA-2023:7382 0 None None None 2023-11-21 11:16:00 UTC
Red Hat Product Errata RHSA-2023:7389 0 None None None 2023-11-21 11:12:24 UTC
Red Hat Product Errata RHSA-2023:7411 0 None None None 2023-11-21 12:24:30 UTC

Description Alex 2023-07-24 18:01:28 UTC 
A flaw in the Linux Kernel found. For the netfilter, nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID can lead to use-after-free.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
Comment 7 Salvatore Bonaccorso 2023-08-04 04:23:30 UTC 
(In reply to Alex from comment #0)
> A flaw in the Linux Kernel found. For the netfilter, nf_tables_newrule when
> adding a rule with NFTA_RULE_CHAIN_ID can lead to use-after-free.
> 
> Reference:
> TODO add link when becomes available

Any more information on that?
Comment 8 Salvatore Bonaccorso 2023-08-04 04:25:28 UTC 
From the commit description this is https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 which matches as well your "Fixed In Version: Kernel 6.5-rc4" correct?
Comment 9 Alex 2023-08-06 08:44:15 UTC 
In reply to comment #8:
> From the commit description this is
> https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 which
> matches as well your "Fixed In Version: Kernel 6.5-rc4" correct?

Yes, correct.
Comment 10 Alex 2023-08-06 08:50:14 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2229467]
Comment 11 Justin M. Forbes 2023-08-07 22:17:17 UTC 
This was fixed for Fedora with the 6.4.8 stable kernel updates.
Comment 13 errata-xmlrpc 2023-09-12 09:50:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5091
Comment 14 errata-xmlrpc 2023-09-12 09:52:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5093 https://access.redhat.com/errata/RHSA-2023:5093
Comment 15 errata-xmlrpc 2023-09-12 10:14:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5069
Comment 16 errata-xmlrpc 2023-11-21 11:12:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7389
Comment 17 errata-xmlrpc 2023-11-21 11:15:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7382
Comment 18 errata-xmlrpc 2023-11-21 12:24:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7411
Note You need to log in before you can comment on or make changes to this bug.