CVE-2023-54035

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix underflow in chain reference counter

Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release().

Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") incorrectly fixed this by removing the stateful object reference count decrement.

Restore the stateful object decrement as in b91d90368837 ("netfilter: nf_tables: fix leaking object reference count") and let nft_data_release() decrement the chain reference counter, so this is done only once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux35651fde1a7bb54dde0a46d35cd0d7136869ae86 < b068314fd8ce751a7f906e55bb90f3551815f1a0affected
LinuxLinux628bd3e49cba1c066228e23d71a852c23e26da73 < 9c959671abc7d4ffdf34eed10c64492d43cb6a3caffected
LinuxLinux628bd3e49cba1c066228e23d71a852c23e26da73 < b389139f12f287b8ed2e2628b72df89a081f0b59affected
LinuxLinuxbc9f791d2593f17e39f87c6e2b3a36549a3705b1affected
LinuxLinux3c7ec098e3b588434a8b07ea9b5b36f04cef1f50affected
LinuxLinuxa136b7942ad2a50de708f76ea299ccb45ac7a7f9affected
LinuxLinux25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8affected
LinuxLinuxd60be2da67d172aecf866302c91ea11533eca4d9affected
LinuxLinuxdc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41affected
LinuxLinux4.19.316 < 4.20affected
LinuxLinux5.4.262 < 5.5affected
LinuxLinux5.10.188 < 5.11affected
LinuxLinux5.15.121 < 5.16affected
LinuxLinux6.3.10 < 6.4affected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.4.4 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References