CVE-2023-4569

Summary

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

Affected Software

VendorProductVersion RangeStatus
n/aKernel6.5-rc7unaffected

Weaknesses

  • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

Workarounds

Mitigation for this issue is to skip loading the affected module "nftables" onto the system until we have a fix available. This can be done by a blacklist mechanism that will ensure the driver is not loaded at boot time.

How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278 

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References