CVE-2023-52581

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix memleak when more than 255 elements expired

When more than 255 elements expired we're supposed to switch to a new gc container structure.

This never happens: u8 type will wrap before reaching the boundary and nft_trans_gc_space() always returns true.

This means we recycle the initial gc container structure and lose track of the elements that came before.

While at it, don't deref 'gc' after we've passed it to call_rcu.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 < 7cf055b43756b10aa2b851c927c940f5ed652125affected
LinuxLinuxbbdb3b65aa91aa0a32b212f27780b28987f2d94f < a995a68e8a3b48533e47c856865d109a1f1a9d01affected
LinuxLinux448be0774882f95a74fa5eb7519761152add601b < 09c85f2d21ab6b5acba31a037985b13e8e6565b8affected
LinuxLinuxd19e8bf3ea4114dd21fc35da21f398203d7f7df1 < ef99506eaf1dc31feff1adfcfd68bc5535a22171affected
LinuxLinuxea3eb9f2192e4fc33b795673e56c97a21987f868 < 7e5d732e6902eb6a37b35480796838a145ae5f07affected
LinuxLinux5f68718b34a531a556f2f50300ead2862278da26 < 4aea243b6853d06c1d160a9955b759189aa02b14affected
LinuxLinux5f68718b34a531a556f2f50300ead2862278da26 < cf5000a7787cbc10341091d37245a42c119d26c5affected
LinuxLinux0624f190b5742a1527cd938295caa8dc5281d4cdaffected
LinuxLinux6.4.11 < 6.5affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.5.6 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References