diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-20 13:56:01 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-20 13:56:01 +0100 |
commit | a355bfae29bb3d4f82f1419a9214eb0aabf9da2e (patch) | |
tree | 09bb346b56f4b38174ae449a9349d6e8731effec | |
parent | d979f42d46a4cb575999769543b457b52212fb01 (diff) | |
download | vulns-a355bfae29bb3d4f82f1419a9214eb0aabf9da2e.tar.gz |
Publish CVE-2023-52433
Allocated to 2ee52ae94baa ("netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/published/2023/CVE-2023-52433 (renamed from cve/reserved/2023/CVE-2023-52433) | 0 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52433.json | 88 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52433.mbox | 65 | ||||
-rw-r--r-- | cve/published/2023/CVE-2023-52433.sha1 | 1 |
4 files changed, 154 insertions, 0 deletions
diff --git a/cve/reserved/2023/CVE-2023-52433 b/cve/published/2023/CVE-2023-52433 index e69de29b..e69de29b 100644 --- a/cve/reserved/2023/CVE-2023-52433 +++ b/cve/published/2023/CVE-2023-52433 diff --git a/cve/published/2023/CVE-2023-52433.json b/cve/published/2023/CVE-2023-52433.json new file mode 100644 index 00000000..74064781 --- /dev/null +++ b/cve/published/2023/CVE-2023-52433.json @@ -0,0 +1,88 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "f6c383b8c31a", + "lessThan": "e3213ff99a35", + "status": "affected", + "versionType": "git" + }, + { + "version": "f6c383b8c31a", + "lessThan": "2ee52ae94baa", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "versions": [ + { + "version": "6.5", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.5", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.5.4", + "lessThanOrEqual": "6.5.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/e3213ff99a35" + }, + { + "url": "https://git.kernel.org/stable/c/2ee52ae94baa" + } + ], + "title": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction", + "x_generator": { + "engine": "bippy-c4875b56942e" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2023-52433", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2023/CVE-2023-52433.mbox b/cve/published/2023/CVE-2023-52433.mbox new file mode 100644 index 00000000..20d2dab9 --- /dev/null +++ b/cve/published/2023/CVE-2023-52433.mbox @@ -0,0 +1,65 @@ +From bippy-c4875b56942e Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org> +Subject: CVE-2023-52433: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction +Message-Id: <2024022058-outsell-equator-e1c5@gregkh> +Content-Length: 1747 +Lines: 48 +X-Developer-Signature: v=1; a=openpgp-sha256; l=1796; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=nRsk0B7+ayNFbX8BtXX6WxiRJj04TALho86h1XWQBcg=; + b=owGbwMvMwCRo6H6F97bub03G02pJDKlXFjzTunvlzZFAtjX7gtSUZXdk7IyJeHVt6qS7u29oh + nRK7ZVf3hHLwiDIxCArpsjyZRvP0f0VhxS9DG1Pw8xhZQIZwsDFKQATcU9nmCs7e19N98bQ1iNr + bi4+dfX7xqfJRzsZ5odyLMr75J19bYVU+FrbC9t9FVVypAE= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction + +New elements in this transaction might expired before such transaction +ends. Skip sync GC for such elements otherwise commit path might walk +over an already released object. Once transaction is finished, async GC +will collect such expired element. + +The Linux kernel CVE team has assigned CVE-2023-52433 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 6.5 with commit f6c383b8c31a and fixed in 6.5.4 with commit e3213ff99a35 + Issue introduced in 6.5 with commit f6c383b8c31a and fixed in 6.6 with commit 2ee52ae94baa + +Please see https://www.kernel.org or a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2023-52433 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + net/netfilter/nft_set_rbtree.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/e3213ff99a35 + https://git.kernel.org/stable/c/2ee52ae94baa diff --git a/cve/published/2023/CVE-2023-52433.sha1 b/cve/published/2023/CVE-2023-52433.sha1 new file mode 100644 index 00000000..d1d72605 --- /dev/null +++ b/cve/published/2023/CVE-2023-52433.sha1 @@ -0,0 +1 @@ +2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 |