Potential slab-out-of-bound access due to integer underflow due to a missing IP_SET_HASH_WITH_NET0 macro in `ip_set_hash_netportnet`, which leads it to use the wrong wrong `CIDR_POS(c)` macro for calulating array offsets.
Upstream fix: https://github.com/torvalds/linux/commit/050d91c03b28ca479df13dfb02bcd2c60dd6a878 Reference: https://www.openwall.com/lists/oss-security/2023/09/22/10
*** Bug 2240527 has been marked as a duplicate of this bug. ***
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2240602]
This was fixed for Fedora with the 6.5.3 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7379
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7389
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7382
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7370
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7411
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7418
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7539
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7558 https://access.redhat.com/errata/RHSA-2023:7558
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0089 https://access.redhat.com/errata/RHSA-2024:0089
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0113 https://access.redhat.com/errata/RHSA-2024:0113
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0134 https://access.redhat.com/errata/RHSA-2024:0134
RHEL7.6 is not affected, it does not support /0 netmasks: $ ipset create test hash:net,port,net $ ipset add test 0.0.0.0/0,42,192.168.0.1 ipset v6.38: The value of the CIDR parameter of the IP address is invalid The commit that supports this, 886503f34d63 ("netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net"), was added to 7.7, I don't see it backported to 7.6.z branch. This still checks attribute value via: if (!e.cidr[0] || e.cidr[0] > HOST_MASK) .... so /0 gets rejected.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0340 https://access.redhat.com/errata/RHSA-2024:0340
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:0346 https://access.redhat.com/errata/RHSA-2024:0346
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:0347 https://access.redhat.com/errata/RHSA-2024:0347
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2024:0376 https://access.redhat.com/errata/RHSA-2024:0376
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:0371 https://access.redhat.com/errata/RHSA-2024:0371
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0378 https://access.redhat.com/errata/RHSA-2024:0378
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:0402 https://access.redhat.com/errata/RHSA-2024:0402
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:0403 https://access.redhat.com/errata/RHSA-2024:0403
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:0461
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:0563 https://access.redhat.com/errata/RHSA-2024:0563
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:0562 https://access.redhat.com/errata/RHSA-2024:0562
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:0593 https://access.redhat.com/errata/RHSA-2024:0593
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:0999 https://access.redhat.com/errata/RHSA-2024:0999