CVE-2023-52927: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.
CVE-2023-52927CVSS 7.8Linux

CVE-2023-52927: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.

CVSS
7.8 HIGH
EPSS
21.23%
Активно використовується
немає в KEV
Продукт
linux kernel

Що відомо

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.

Джерела

Безпекові сповіщення

Отримуйте CVE-сповіщення до того, як вони стануть інцидентом

Надсилаємо вибрані інфраструктурні загрози українською з практичними нотатками для середовищ DataHouse.

  • DataHouse: адміністрування серверів і безпечна хмара
  • Hostilla.pl: хостинг і поштові послуги
  • SecDNS.pl: безплатний рівень DNS-безпеки