CVE-2023-6040 - OpenCVE

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
http://www.openwall.com/lists/oss-security/2024/01/12/1	Mailing List Patch Third Party Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://www.openwall.com/lists/oss-security/2024/01/12/1	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2024-01-12T01:37:45.387Z

Updated: 2024-01-12T01:37:45.387Z

Reserved: 2023-11-08T20:12:50.288Z

Link: CVE-2023-6040

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-12T02:15:44.683

Modified: 2024-06-27T13:15:54.080

Link: CVE-2023-6040

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-6040", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2023-11-08T20:12:50.288Z", "datePublished": "2024-01-12T01:37:45.387Z", "dateUpdated": "2024-01-12T01:37:45.387Z"}, "containers": {"cna": {"affected": [{"packageName": "linux", "product": "linux", "vendor": "The Linux Kernel Organization", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "platforms": ["Linux"], "versions": [{"lessThan": "5.18-rc1", "status": "affected", "version": "0", "versionType": "semver"}]}], "title": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)", "descriptions": [{"lang": "en", "value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."}], "workarounds": [{"lang": "en", "value": "Disabling unprivileged user namespaces mitigates the issue."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["issue-tracking"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"}, {"tags": ["mailing-list"], "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"}, {"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "credits": [{"lang": "en", "type": "finder", "value": "Lin Ma from Ant Security Light-Year Lab & ZJU"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-01-12T01:37:45.387Z"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C75006C6-1F2B-445B-A5DE-64343A1B0A48", "versionEndIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."}, {"lang": "es", "value": "Se inform\u00f3 y solucion\u00f3 una vulnerabilidad de acceso fuera de los l\u00edmites que involucraba a netfilter como: f1082dd31fe4 (netfilter: nf_tables: Rechazar tablas de familia no admitida); Al crear una nueva tabla netfilter, la falta de protecci\u00f3n contra valores no v\u00e1lidos de la familia nf_tables (pf) dentro de la funci\u00f3n `nf_tables_newtable` permite a un atacante lograr un acceso fuera de los l\u00edmites."}], "id": "CVE-2023-6040", "lastModified": "2024-06-27T13:15:54.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2024-01-12T02:15:44.683", "references": [{"source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"}, {"source": "security@ubuntu.com", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"source": "security@ubuntu.com", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@ubuntu.com", "type": "Secondary"}]}