CVE-2023-52628

Public on 2024-03-28
Modified on 2024-04-16
Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: exthdr: fix 4-byte stack OOB write

If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.

This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.

The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.

Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961).

Severity
Important
See what this means
CVSS v3 Base Score
7.0
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2024-05-13 ALAS-2024-1937
Amazon Linux 2 - Core kernel 2024-05-15 ALAS2-2024-2542
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-11-01 ALAS2KERNEL-5.10-2023-042
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-10-04 ALAS2KERNEL-5.15-2023-027
Amazon Linux 2 - Kernel-5.4 Extra kernel 2024-05-30 ALAS2KERNEL-5.4-2024-069
Amazon Linux 2023 kernel 2023-10-03 ALAS2023-2023-356

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2023-52628 Mitre: CVE-2023-52628