Bug 2225198 (CVE-2023-3610)
Summary: | CVE-2023-3610 kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, allarkin, bhu, chwhite, crwood, dbohanno, ddepaula, debarbos, dfreiber, dvlasenk, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jpoimboe, jshortt, jstancek, jwyatt, kcarcia, kernel-mgr, kpatch-maint-bot, ldoskova, lgoncalv, lzampier, nmurray, psutter, ptalbert, qzhao, rhandlin, rogbas, rrobaina, rvrbovsk, rysulliv, scweaver, tglozar, tyberry, vkumar, walters, wcosta, williams, wmealing, ycote, ymankad |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Kernel 6.4~13 | Doc Type: | If docs needed, set a value |
Doc Text: |
A use-after-free vulnerability was found in the netfilter nf_tables component of the Linux kernel, caused by missing error handling in the abort path of NFT_MSG_NEWRULE. This flaw allows a local attacker with the CAP_NET_ADMIN capability to cause a local privilege escalation.
|
Bug Depends On: | 2213271, 2214035, 2216159, 2216166, 2225199, 2225200, 2225457, 2225458, 2225459, 2225460, 2225461, 2225462, 2225464, 2225465 | ||
Bug Blocks: | 2225183 |
Description
Alex
2023-07-24 14:23:07 UTC
I just noticed (actually, CKI KWF Bot did) that I had backported the proposed fix on behalf of CVE-2023-3390[1] already, or at least for the RHEL9.3 clone[2]. But since this CVE-2023-3610 does not apply to RHEL8 and there are also 9.2.0.z[3] and 9.0.0.z[4] clones for CVE-2023-3390, the same merge request may at least be reused.

I am a bit at a loss though how to deal with the ticket(s) created for this CVE. Close as duplicate? Mark as TestOnly and depend on the respective other ones?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2213260
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2213271
[3] https://bugzilla.redhat.com/show_bug.cgi?id=2216160
[4] https://bugzilla.redhat.com/show_bug.cgi?id=2216159

In reply to comment #7:
> I just noticed (actually, CKI KWF Bot did) that I had backported the proposed
> fix on behalf of CVE-2023-3390[1] already, or at least for
> the RHEL9.3 clone[2]. But since this CVE-2023-3610 does not apply to RHEL8
> and there are also 9.2.0.z[3] and 9.0.0.z[4] clones for CVE-2023-3390, the same
> merge request may at least be reused.
>
> I am a bit at a loss though how to deal with the ticket(s) created for this
> CVE. Close as duplicate? Mark as TestOnly and depend on the respective other
> ones?
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=2213260
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=2213271
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=2216160
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=2216159

Yes, let's close bugzilla trackers as duplicate. The status for CVE page should be correct then I think. The TestOnly I think should be Ok too.
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5091

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5093 https://access.redhat.com/errata/RHSA-2023:5093

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5069