2265184 – (CVE-2023-52433) CVE-2023-52433 kernel: nf_tables: nft_set_rbtree skip sync GC for new elements in this transaction

Bug 2265184 (CVE-2023-52433) - CVE-2023-52433 kernel: nf_tables: nft_set_rbtree skip sync GC for new elements in this transaction

Summary: CVE-2023-52433 kernel: nf_tables: nft_set_rbtree skip sync GC for new element...

Keywords:
Status:	CLOSED DUPLICATE of bug 2235306
Alias:	CVE-2023-52433
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2265187
Blocks:	2265182
TreeView+	depends on / blocked

Reported:	2024-02-20 20:19 UTC by Patrick Del Bello
Modified:	2024-03-06 09:26 UTC (History)
CC List:	48 users (show)
Fixed In Version:	kernel 6.6-rc1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_set_rbtree, where new elements in this transaction might expire before the transaction ends. Skip sync GC for such elements, otherwise a commit path might walk over an already released object. Once the transaction is finished, async GC will collect expired elements.
Clone Of:
Environment:
Last Closed:	2024-02-28 17:29:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2024-02-20 20:19:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC will collect such expired element.

https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4
https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a

Comment 1 Patrick Del Bello 2024-02-20 20:20:11 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265187]

Comment 4 Justin M. Forbes 2024-02-21 22:56:56 UTC

This was fixed for Fedora with the 6.7.5 stable kernel updates.

Comment 5 Justin M. Forbes 2024-02-21 23:02:14 UTC

I apologize, this one is actually fixed with the 6.5.4 stable kernel updates, I had it confused with another.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
aquini
bhu
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
ldoskova
lgoncalv
lzampier
mleitner
mmilgram
mstowell
nmurray
ptalbert
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
sukulkar
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang