oss-sec mailing list archives
CVE-2023-35001 - Linux kernel nf_tables nft_byteorder_eval OOB read/write
From: Thadeu Lima de Souza Cascardo <cascardo () canonical com>
Date: Wed, 5 Jul 2023 14:09:08 -0300
It was discovered that it was possible to cause an out-of-bounds read or write when processing an nft_byteorder expression. Tanguy DUBROCA (@SidewayRE) from @Synacktiv working with Trend Micro's Zero Day Initiative discovered that this vulnerability could be exploited for Local Privilege Escalation. This has been reported as ZDI-CAN-20721, and assigned CVE-2023-35001. Exploiting it requires CAP_NET_ADMIN in any user or network namespace. This bug was introduced by commit 96518518cc41 ("netfilter: add nftables"), which is present since v3.13-rc1. A fix has been sent to netfilter-devel () vger kernel org and is at https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo () canonical com/T/.
Current thread:
- CVE-2023-35001 - Linux kernel nf_tables nft_byteorder_eval OOB read/write Thadeu Lima de Souza Cascardo (Jul 05)