7.8

CVE-2023-53179

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can
lead to the use of wrong `CIDR_POS(c)` for calculating array offsets,
which can lead to integer underflow. As a result, it leads to slab
out-of-bound access.
This patch adds back the IP_SET_HASH_WITH_NET0 macro to
ip_set_hash_netportnet to address the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4.165 < 4.5
LinuxLinux Kernel Version >= 4.9.141 < 4.10
LinuxLinux Kernel Version >= 4.14.84 < 4.14.326
LinuxLinux Kernel Version >= 4.19.5 < 4.19.295
LinuxLinux Kernel Version >= 4.20.1 < 5.4.257
LinuxLinux Kernel Version >= 5.5 < 5.10.195
LinuxLinux Kernel Version >= 5.11 < 5.15.132
LinuxLinux Kernel Version >= 5.16 < 6.1.53
LinuxLinux Kernel Version >= 6.2 < 6.4.16
LinuxLinux Kernel Version >= 6.5 < 6.5.3
LinuxLinux Kernel Version4.20 Update-
LinuxLinux Kernel Version4.20 Updaterc2
LinuxLinux Kernel Version4.20 Updaterc3
LinuxLinux Kernel Version4.20 Updaterc4
LinuxLinux Kernel Version4.20 Updaterc5
LinuxLinux Kernel Version4.20 Updaterc6
LinuxLinux Kernel Version4.20 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/7935b636dd693dfe4483cfef4a1e91366c8103fa
Patch
https://git.kernel.org/stable/c/e632d09dffc68b9602d6893a99bfe3001d36cefc
Patch
https://git.kernel.org/stable/c/109e830585e89a03d554bf8ad0e668630d0a6260
Patch
https://git.kernel.org/stable/c/83091f8ac03f118086596f17c9a52d31d6ca94b3
Patch
https://git.kernel.org/stable/c/a9e6142e5f8f6ac7d1bca45c1b2b13b084ea9e14
Patch
https://git.kernel.org/stable/c/7ca0706c68adadf86a36b60dca090f5e9481e808
Patch
https://git.kernel.org/stable/c/d59b6fc405549f7caf31f6aa5da1d6bef746b166
Patch
https://git.kernel.org/stable/c/d95c8420efe684b964e3aa28108e9a354bcd7225
Patch
https://git.kernel.org/stable/c/050d91c03b28ca479df13dfb02bcd2c60dd6a878
Patch