oss-sec mailing list archives

CVE-2023-35001 - Linux kernel nf_tables nft_byteorder_eval OOB read/write


From: Thadeu Lima de Souza Cascardo <cascardo () canonical com>
Date: Wed, 5 Jul 2023 14:09:08 -0300

It was discovered that it was possible to cause an out-of-bounds read or
write when processing an nft_byteorder expression.

Tanguy DUBROCA (@SidewayRE) from @Synacktiv working with Trend Micro's Zero
Day Initiative discovered that this vulnerability could be exploited for
Local Privilege Escalation. This has been reported as ZDI-CAN-20721, and
assigned CVE-2023-35001.

Exploiting it requires CAP_NET_ADMIN in any user or network namespace.

This bug was introduced by commit 96518518cc41 ("netfilter: add nftables"),
which is present since v3.13-rc1.

A fix has been sent to netfilter-devel () vger kernel org and is at
https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/.
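
The following is an added example, not part of the original message: a host-side check of the precondition stated above, namely whether unprivileged users can create a user namespace (and so hold CAP_NET_ADMIN inside it) and whether nf_tables is loaded. The function names and the optional PROC_ROOT argument are hypothetical; the sysctls read are `user.max_user_namespaces` and the Debian/Ubuntu-specific `kernel.unprivileged_userns_clone`.

```shell
#!/bin/sh
# Added example, not from the advisory. The optional PROC_ROOT argument is a
# hypothetical override so the checks can run against a constructed tree.

# Print the trimmed contents of a sysctl file, or "absent" if unreadable.
read_sysctl() {
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf 'absent'; fi
}

# Can an unprivileged user create a user namespace (and so hold
# CAP_NET_ADMIN inside it)? Prints yes, no or unknown.
unpriv_userns_allowed() {
    root="${1:-/proc}"
    max=$(read_sysctl "$root/sys/user/max_user_namespaces")
    clone=$(read_sysctl "$root/sys/kernel/unprivileged_userns_clone")
    if [ "$max" = "absent" ]; then
        echo unknown   # sysctl missing: old kernel or no user namespace support
    elif [ "$max" = "0" ]; then
        echo no        # user namespaces disabled for everyone
    elif [ "$clone" = "0" ]; then
        echo no        # Debian/Ubuntu knob: creation limited to privileged users
    else
        echo yes
    fi
}

# Is nf_tables currently loaded as a module? "no" is not conclusive: it may
# be built into the kernel or loaded on demand.
nf_tables_loaded() {
    root="${1:-/proc}"
    if [ -r "$root/modules" ] && grep -q '^nf_tables ' "$root/modules"; then
        echo yes
    else
        echo no
    fi
}

# One-line summary for the live host, or for the tree passed as $1.
exposure_summary() {
    printf 'unprivileged userns: %s, nf_tables module loaded: %s\n' \
        "$(unpriv_userns_allowed "${1:-}")" "$(nf_tables_loaded "${1:-}")"
}

exposure_summary
```

A result of `yes` for unprivileged user namespaces means the CAP_NET_ADMIN requirement does not limit the issue to administrators on that host; other restrictions (for example LSM policy) are not examined by this check.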

