Bug 2220892 (CVE-2023-35001, ZDI-CAN-20721) - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
Summary: CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_e...
Keywords:
Status: NEW
Alias: CVE-2023-35001, ZDI-CAN-20721
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2221046 2221047 2221717 2221718 2221719 2221720 2221721 2221722 2221723 2221724 2221725 2221726 2221727 2221729 2221730 2221731 2221732 2221733 2221734 2221735 2221736 2221737 2221746 2221747 2221748 2221749 2221750 2221751 2221752 2221753 2221754 2221755 2221756 2221744 2221745 2221759
Blocks: 2220897
TreeView+ depends on / blocked
 
Reported: 2023-07-06 13:01 UTC by TEJ RATHI
Modified: 2023-08-14 16:45 UTC (History)
52 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2023-07-06 13:01:31 UTC 
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/
https://www.openwall.com/lists/oss-security/2023/07/05/3
Comment 9 Rohit Keshri 2023-07-10 17:01:39 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2221759]
Note You need to log in before you can comment on or make changes to this bug.