Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Netapp
  • H700s
  • H410c
  • H500s
  • H410s
  • H300s
Fedoraproject
  • Fedora
Debian
  • Debian Linux
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
References
Link Resource
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2023/07/05/3 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/ Mailing List
https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/ Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20230824-0007/ Third Party Advisory VDB Entry
https://www.debian.org/security/2023/dsa-5453 Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/07/05/3 Mailing List
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2023-07-05T18:35:17.785Z

Updated: 2023-07-05T18:35:17.785Z

Reserved: 2023-06-29T21:43:35.036Z

Link: CVE-2023-35001

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-07-05T19:15:10.147

Modified: 2024-01-11T19:15:09.490

Link: CVE-2023-35001

JSON object: View

cve-icon Redhat Information

No data.

CWE