2338989 – (CVE-2023-52923) CVE-2023-52923 kernel: netfilter: nf_tables: adapt set backend to use GC transaction API

Bug 2338989 (CVE-2023-52923) - CVE-2023-52923 kernel: netfilter: nf_tables: adapt set backend to use GC transaction API

Summary: CVE-2023-52923 kernel: netfilter: nf_tables: adapt set backend to use GC tran...

Keywords:
Status:	NEW
Alias:	CVE-2023-52923
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-20 11:01 UTC by OSIDB Bzimport
Modified:	2025-01-20 15:09 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-01-20 11:01:08 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: adapt set backend to use GC transaction API

Use the GC transaction API to replace the old and buggy gc API and the
busy mark approach.

No set elements are removed from async garbage collection anymore,
instead the _DEAD bit is set on so the set element is not visible from
lookup path anymore. Async GC enqueues transaction work that might be
aborted and retried later.

rbtree and pipapo set backends does not set on the _DEAD bit from the
sync GC path since this runs in control plane path where mutex is held.
In this case, set elements are deactivated, removed and then released
via RCU callback, sync GC never fails.

Comment 1 Avinash Hanwate 2025-01-20 12:14:57 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025012034-CVE-2023-52923-416e@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.