Bug 2213260 (CVE-2023-3390)
| Summary: | CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, allarkin, bhu, carnil, chwhite, crwood, dbohanno, ddepaula, debarbos, dfreiber, dvlasenk, ezulian, fwestpha, hkrzesin, jarod, jburrell, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jpoimboe, jshortt, jstancek, jwyatt, kcarcia, kernel-mgr, kpatch-maint-bot, kyoshida, ldoskova, lgoncalv, lzampier, nmurray, pdelbell, psampaio, psutter, ptalbert, qzhao, rhandlin, rogbas, rrobaina, rvrbovsk, scweaver, sgrubb, sukulkar, vkumar, walters, wcosta, williams, wmealing, ycote, ymankad |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 6.4-rc7 | Doc Type: | If docs needed, set a value |
| Doc Text: | A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. | ||
| Bug Depends On: | 2213271, 2214035, 2214963, 2214964, 2216159, 2216160, 2216161, 2216162, 2216163, 2216164, 2216165, 2216166, 2216167, 2216168, 2216169, 2216170, 2216171, 2216172, 2216173, 2216174, 2216175, 2216176, 2216177, 2216178, 2216179, 2218699 | ||
| Bug Blocks: | 2212729, 2218602, 2227022 | ||
Description
Alex
2023-06-07 16:37:17 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2218699]

I think this is a duplicate CVE assignment for CVE-2023-3390. Can you please reject this CVE?

This was fixed for Fedora with the 6.3.9 stable kernel updates.

*** Bug 2218605 has been marked as a duplicate of this bug. ***

In reply to comment #19:
> I think this is a duplicate CVE assignment for CVE-2023-3390. Can you please
> reject this CVE?

Done. Closed the CVE-2023-3390.
Asked https://cveform.mitre.org/ to mark CVE-2023-3390 as duplicate of the CVE-2023-3117.

Alex, I believe it should be the other way around. CVE-2023-3390 assigned by Google LLC was published earlier than the CVE-2023-3117 assigned by Red Hat, Inc. A query to MITRE CNA seems to indicate the same, that CVE-2023-3390 should be kept and CVE-2023-3117 rejected at CNA level.

I see that this might have been confusing by my saying "this CVE", I should have explicitly said it is CVE-2023-3117 to be rejected.

In reply to comment #24:
> Alex, I believe it should be the other way around. CVE-2023-3390 assigned by
> Google LLC was published earlier than the CVE-2023-3117 assigned by Red Hat,
> Inc. A query to MITRE CNA seems to indicate the same, that CVE-2023-3390
> should be kept and CVE-2023-3117 rejected at CNA level.

I missed this. Updated this one from CVE-2023-3117 to the CVE-2023-3390.
Asked https://cveform.mitre.org/ again regarding this.
Thank you.

(In reply to Alex from comment #26)
> In reply to comment #24:
> > Alex, I believe it should be the other way around. CVE-2023-3390 assigned by
> > Google LLC was published earlier than the CVE-2023-3117 assigned by Red Hat,
> > Inc. A query to MITRE CNA seems to indicate the same, that CVE-2023-3390
> > should be kept and CVE-2023-3117 rejected at CNA level.
>
> I missed this. Updated this one from CVE-2023-3117 to the CVE-2023-3390.
> Asked https://cveform.mitre.org/ again regarding this.
> Thank you.

Thank you!

*** Bug 2227020 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4888 https://access.redhat.com/errata/RHSA-2023:4888

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4961

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4962

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:4967

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5091

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5093 https://access.redhat.com/errata/RHSA-2023:5093

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5069

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5221 https://access.redhat.com/errata/RHSA-2023:5221

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5238 https://access.redhat.com/errata/RHSA-2023:5238

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5235 https://access.redhat.com/errata/RHSA-2023:5235

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5255 https://access.redhat.com/errata/RHSA-2023:5255

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5244 https://access.redhat.com/errata/RHSA-2023:5244

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1250

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1253 https://access.redhat.com/errata/RHSA-2024:1253

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2024:1268 https://access.redhat.com/errata/RHSA-2024:1268

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:1269 https://access.redhat.com/errata/RHSA-2024:1269

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2024:1278 https://access.redhat.com/errata/RHSA-2024:1278

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1306