Bug 2227020 - kernel: Use-after-free in the Netfilter subsystem
Keywords:
Status: CLOSED DUPLICATE of bug 2213260
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2213271 2214963 2218699 2227021 2227023 2227024
Blocks: 2227022
Reported: 2023-07-27 13:10 UTC by Pedro Sampaio
Modified: 2023-12-07 15:53 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-08-07 16:04:50 UTC
Embargoed:



Description Pedro Sampaio 2023-07-27 13:10:01 UTC
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.

References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97

Comment 1 Pedro Sampaio 2023-07-27 13:11:09 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2227021]

Comment 3 Phil Sutter 2023-07-27 13:37:26 UTC
The kernel fix in question is being backported as part of the series resolving CVE-2023-3390.

C9S/RHEL9 MR[1] is ready to be merged, RHEL8 MR[2] already merged.


[1] https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2770
[2] https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/merge_requests/4980

Comment 4 Pedro Sampaio 2023-08-07 16:04:50 UTC

*** This bug has been marked as a duplicate of bug 2213260 ***

Comment 5 Pedro Sampaio 2023-08-07 16:07:19 UTC
CVE-2023-3117 was rejected as a duplicate of CVE-2023-3390.

