CVE-2023-52628

netfilter: nftables: exthdr: fix 4-byte stack OOB write

References

https://cve.org/CVERecord/?id=CVE-2023-52628

Notes

 carnil> Introduced in 49499c3e6e18 ("netfilter: nf_tables: switch registers to 32 bit
 carnil> addressing")
 carnil> 935b7f643018 ("netfilter: nft_exthdr: add TCP option matching")
 carnil> 133dc203d77d ("netfilter: nft_exthdr: Support SCTP chunks")
 carnil> dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options").
 carnil> Vulnerable versions: 4.1-rc1 4.11-rc1 5.3-rc1 5.10.198 5.14-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	needed
5.10-bullseye-security	released (5.10.205-1)
5.10-upstream-stable	released (5.10.198) [a7d86a77c33ba1c357a7504341172cc1507f0698]
6.1-bookworm-security	released (6.1.55-1)
6.1-upstream-stable	released (6.1.54) [d9ebfc0f21377690837ebbd119e679243e0099cc]
6.6-upstream-stable	N/A "Fixed before branching point"
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.5.6-1)
upstream	released (6.6-rc1) [fd94d9dadee58e09b49075240fe83423eb1dcd36]