| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122438-CVE-2023-54035-76a5@gregkh>
Date: Wed, 24 Dec 2025 11:57:19 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54035: netfilter: nf_tables: fix underflow in chain reference counter
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix underflow in chain reference counter
Set element addition error path decrements reference counter on chains
twice: once on element release and again via nft_data_release().
Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object
reference counter") incorrectly fixed this by removing the stateful
object reference count decrement.
Restore the stateful object decrement as in b91d90368837 ("netfilter:
nf_tables: fix leaking object reference count") and let
nft_data_release() decrement the chain reference counter, so this is
done only once.
The Linux kernel CVE team has assigned CVE-2023-54035 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.4 with commit 628bd3e49cba1c066228e23d71a852c23e26da73 and fixed in 6.4.4 with commit 9c959671abc7d4ffdf34eed10c64492d43cb6a3c
Issue introduced in 6.4 with commit 628bd3e49cba1c066228e23d71a852c23e26da73 and fixed in 6.5 with commit b389139f12f287b8ed2e2628b72df89a081f0b59
Issue introduced in 4.19.316 with commit bc9f791d2593f17e39f87c6e2b3a36549a3705b1
Issue introduced in 5.4.262 with commit 3c7ec098e3b588434a8b07ea9b5b36f04cef1f50
Issue introduced in 5.10.188 with commit a136b7942ad2a50de708f76ea299ccb45ac7a7f9
Issue introduced in 5.15.121 with commit 25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8
Issue introduced in 6.1.36 with commit d60be2da67d172aecf866302c91ea11533eca4d9
Issue introduced in 6.3.10 with commit dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54035
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/netfilter/nf_tables_api.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/b068314fd8ce751a7f906e55bb90f3551815f1a0
https://git.kernel.org/stable/c/9c959671abc7d4ffdf34eed10c64492d43cb6a3c
https://git.kernel.org/stable/c/b389139f12f287b8ed2e2628b72df89a081f0b59
Powered by blists - more mailing lists