Bug 2248189 (CVE-2023-5972) - CVE-2023-5972 kernel: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attributes accessed without checking its presence in nft_inner.c
Summary: CVE-2023-5972 kernel: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attribute...
Status: NEW
Alias: CVE-2023-5972
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2251249
Blocks: 2248168
TreeView+ depends on / blocked
Reported: 2023-11-06 19:19 UTC by Alex
Modified: 2024-05-01 15:21 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Alex 2023-11-06 19:19:26 UTC
Two similar flaws in the Linux Kernel found.
From v6.2-rc1 to v6.6-rc6two null pointer dereference vulnerabilities in nf_tables could happen.
The first vulnerability is in nft_inner_init() in nft_inner.c.
The NFTA_INNER_NUM netlink attribute is accessed At (0) without checking its presence before, so it may be NULL。
The second vulnerability is in nft_expr_inner_parse(), which is quite similar to the first one.
The NFTA_EXPR_NAME netlink attribute is not checked before accessing it.

Comment 2 Alex 2023-11-23 15:29:40 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2251249]

Comment 3 Justin M. Forbes 2023-11-28 18:15:30 UTC
This was fixed for Fedora with the 6.5.9 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.