Linux Kernel: netfilter nft_set_rbtree GC sync bug allows use-after-free
CVE-2023-52433 Published on February 20, 2024
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.
Vulnerability Analysis
CVE-2023-52433 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Check for Dropped Privileges
The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.
Products Associated with CVE-2023-52433
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or NetApp Ontap Tools. Just hit a watch button to start following.
Affected Versions
Linux:- Version cb4d00b563675ba8ff6ef94b077f58d816f68ba3 and below 9db9feb841f7449772f9393c16b9ef4536d8c127 is affected.
- Version c357648929c8dff891502349769aafb8f0452bc2 and below 03caf75da1059f0460666c826e9f50e13dfd0017 is affected.
- Version 146c76866795553dbc19998f36718d7986ad302b and below c323ed65f66e5387ee0a73452118d49f1dae81b8 is affected.
- Version 479a2cf5259347d6a1f658b0f791d27a34908e91 and below 9af7dfb3c9d7985172a240f85e684c5cd33e29ce is affected.
- Version df650d6a4bf47248261b61ef6b174d7c54034d15 and below 9a8c544158f68f656d1734eb5ba00c4f817b76b1 is affected.
- Version f6c383b8c31a93752a52697f8430a71dcbc46adf and below e3213ff99a355cda811b41e8dbb3472d13167a3a is affected.
- Version f6c383b8c31a93752a52697f8430a71dcbc46adf and below 2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 is affected.
- Version e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681 is affected.
- Version 6.5 is affected.
- Before 6.5 is unaffected.
- Version 6.5.4, <= 6.5.* is unaffected.
- Version 6.6, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.