5.5

CVE-2023-53032

netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of
an arithmetic expression 2 << (netmask - mask_bits - 1) is subject
to overflow due to a failure casting operands to a larger data type
before performing the arithmetic.

Note that it's harmless since the value will be checked at the next step.

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.7 < 4.14.303
LinuxLinux Kernel Version >= 4.15 < 4.19.270
LinuxLinux Kernel Version >= 4.20 < 5.4.229
LinuxLinux Kernel Version >= 5.5 < 5.10.164
LinuxLinux Kernel Version >= 5.11 < 5.15.89
LinuxLinux Kernel Version >= 5.16 < 6.1.7
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.089
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/e137d9bb26bd85ce07323a38e38ceb0b160db841
Patch
https://git.kernel.org/stable/c/dfd834ccc1b88bbbab81b9046a3a539dd0c2d14f
Patch
https://git.kernel.org/stable/c/feefb33eefa166fc3e0fd17547b0bc0cb3baced9
Patch
https://git.kernel.org/stable/c/4e6a70fd840400e3a2e784a6673968a3eb2431c0
Patch
https://git.kernel.org/stable/c/511cf17b2447fc41cfef8d71936e1fa53e395c1e
Patch
https://git.kernel.org/stable/c/e88865876d47c790be0d5e23973499d75d034364
Patch
https://git.kernel.org/stable/c/9ea4b476cea1b7d461d16dda25ca3c7e616e2d15
Patch