5.5

CVE-2023-53566

netfilter: nft_set_rbtree: fix null deref on element insertion

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: fix null deref on element insertion

There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():

general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
 nft_add_set_elem+0x14b0/0x2990
  nf_tables_newsetelem+0x528/0xb30

Furthermore, there is a possible use-after-free while iterating,
'node' can be free'd so we need to cache the next value to use.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.166 < 5.10.181
LinuxLinux Kernel Version >= 5.15.91 < 5.15.113
LinuxLinux Kernel Version >= 6.1.9 < 6.1.30
LinuxLinux Kernel Version >= 6.2.1 < 6.3.4
LinuxLinux Kernel Version6.2 Update-
LinuxLinux Kernel Version6.2 Updaterc6
LinuxLinux Kernel Version6.2 Updaterc7
LinuxLinux Kernel Version6.2 Updaterc8
LinuxLinux Kernel Version6.4 Updaterc1
LinuxLinux Kernel Version6.4 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.031
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56
Patch
https://git.kernel.org/stable/c/899aa5638568abf5d69de7a7bb95e4615157375b
Patch
https://git.kernel.org/stable/c/3fa13203b6d90cc3a33af47b058739f92ab82eef
Patch
https://git.kernel.org/stable/c/ec5caa765f7f6960011c919c9aeb1467940421f6
Patch
https://git.kernel.org/stable/c/a836be60a3aabcedcd9c79f545d409ace1f20ba6
Patch
https://git.kernel.org/stable/c/a337706c1fb35aac3f26b48aca80421bdbe1d33a
Patch
https://git.kernel.org/stable/c/61ae320a29b0540c16931816299eb86bf2b66c08
Patch