Bugzilla – Bug 1215095
VUL-0: CVE-2023-3777: kernel-source-azure,kernel-source,kernel-source-rt: netfilter: nf_tables use-after-free via nf_tables_delrule()
Last modified: 2024-01-31 12:49:04 UTC
CVE-2023-3777 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3777 https://bugzilla.redhat.com/show_bug.cgi?id=2237750 https://www.cve.org/CVERecord?id=CVE-2023-3777 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
Affected: - SLE15-SP3-LTSS (but not cve/linux-5.3) - SLE15-SP4 Already fixed: - SLE15-SP6 - stable - master
Hi Denis, Because this CVE issue relates to net/netfilter subsystem. Could you please help to handle it? If this is not in your area, just reset bug assigner to kernel-bugs@suse.de. Kernel Security Sentinel will find other expert. Thanks a lot!
taken
Hi Denis, This bug seems to approach a good date for CVE SLA fulfillment [1]. What is its status, please? [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
(In reply to Chester Lin from comment #4) > Hi Denis, > > This bug seems to approach a good date for CVE SLA fulfillment [1]. > What is its status, please? > > [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel pushed to affected branches, reassigning back to security team
(In reply to Denis Kirjanov from comment #5) > (In reply to Chester Lin from comment #4) > > Hi Denis, > > > > This bug seems to approach a good date for CVE SLA fulfillment [1]. > > What is its status, please? > > > > [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel > > pushed to affected branches, reassigning back to security team Hi Denis, it seems that 15.4 backport haven't being pushed. Can you please recheck? Thanks
ping?
denis, can you check missing 15-sp4 inclusion?
(In reply to Marcus Meissner from comment #8) > denis, can you check missing 15-sp4 inclusion? The patch supposed to be in the tree but it's not :/ Pushed, thank you!
Is this a reason to resubmit?
(In reply to Vlastimil Babka from comment #11) > Is this a reason to resubmit? After confirmation on Slack, I have resubmitted 15-SP4, but 15-SP5 was meanwhile submitted without the fix, and thus should be also resubmitted.
SUSE-SU-2023:4348-1: An update that solves 11 vulnerabilities and has three security fixes can now be installed. Category: security (important) Bug References: 1210778, 1210853, 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051, 1216134 CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862 Sources used: openSUSE Leap 15.3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2, kernel-obs-qa-5.3.18-150300.59.141.1, kernel-source-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2 SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2 SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1 SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1 SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1 SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4345-1: An update that solves nine vulnerabilities and has 14 security fixes can now be installed. Category: security (important) Bug References: 1208788, 1210778, 1211307, 1212423, 1212649, 1213705, 1214842, 1215095, 1215104, 1215518, 1215745, 1215768, 1215860, 1215955, 1215986, 1216046, 1216051, 1216062, 1216345, 1216510, 1216511, 1216512, 1216621 CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39193, CVE-2023-45862, CVE-2023-46813, CVE-2023-5178 Sources used: openSUSE Leap 15.4 (src): kernel-syms-azure-5.14.21-150400.14.72.1, kernel-source-azure-5.14.21-150400.14.72.1 Public Cloud Module 15-SP4 (src): kernel-syms-azure-5.14.21-150400.14.72.1, kernel-source-azure-5.14.21-150400.14.72.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4358-1: An update that solves nine vulnerabilities and has one security fix can now be installed. Category: security (important) Bug References: 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046 CVE References: CVE-2023-2163, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4378-1: An update that solves seven vulnerabilities and has 14 security fixes can now be installed. Category: security (important) Bug References: 1208788, 1210778, 1211307, 1212423, 1212649, 1213705, 1213772, 1214842, 1215095, 1215104, 1215518, 1215955, 1215956, 1215957, 1215986, 1216062, 1216345, 1216510, 1216511, 1216512, 1216621 CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39193, CVE-2023-5178 Sources used: openSUSE Leap 15.4 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2, kernel-source-5.14.21-150400.24.97.1, kernel-livepatch-SLE15-SP4_Update_20-1-150400.9.3.2, kernel-syms-5.14.21-150400.24.97.1, kernel-obs-qa-5.14.21-150400.24.97.1, kernel-obs-build-5.14.21-150400.24.97.1 openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2 Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2, kernel-source-5.14.21-150400.24.97.1 Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.97.1, kernel-source-5.14.21-150400.24.97.1, kernel-obs-build-5.14.21-150400.24.97.1 SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_20-1-150400.9.3.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4375-1: An update that solves nine vulnerabilities and has 17 security fixes can now be installed. Category: security (important) Bug References: 1208788, 1211162, 1211307, 1212423, 1212649, 1213705, 1213772, 1214754, 1214874, 1215095, 1215104, 1215523, 1215545, 1215921, 1215955, 1215986, 1216062, 1216202, 1216322, 1216323, 1216324, 1216333, 1216345, 1216512, 1216621, 802154 CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39191, CVE-2023-39193, CVE-2023-46813, CVE-2023-5178 Sources used: SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_7-1-150500.11.5.1 openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_7-1-150500.11.5.1, kernel-source-5.14.21-150500.55.36.1, kernel-obs-qa-5.14.21-150500.55.36.1, kernel-syms-5.14.21-150500.55.36.1, kernel-obs-build-5.14.21-150500.55.36.1, kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 SUSE Linux Enterprise Micro 5.5 (src): kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.36.1, kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3 Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.36.1, kernel-obs-build-5.14.21-150500.55.36.1, kernel-syms-5.14.21-150500.55.36.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
The fix seems to be in all affected branches mentioned in the comment #1. => reassigning back to the security team for further tracking
SUSE-SU-2023:4732-1: An update that solves 15 vulnerabilities, contains three features and has 39 security fixes can now be installed. Category: security (important) Bug References: 1207948, 1210447, 1212649, 1214286, 1214700, 1214840, 1214976, 1215095, 1215123, 1215124, 1215292, 1215420, 1215458, 1215710, 1215802, 1215931, 1216058, 1216105, 1216259, 1216527, 1216584, 1216621, 1216687, 1216693, 1216759, 1216761, 1216788, 1216844, 1216861, 1216909, 1216959, 1216965, 1216976, 1217036, 1217068, 1217086, 1217095, 1217124, 1217140, 1217147, 1217195, 1217196, 1217200, 1217205, 1217332, 1217366, 1217511, 1217515, 1217598, 1217599, 1217609, 1217687, 1217731, 1217780 CVE References: CVE-2023-2006, CVE-2023-25775, CVE-2023-3777, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46813, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176 Jira References: PED-3184, PED-5021, PED-7237 Sources used: openSUSE Leap 15.5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1, kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2 SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_8-1-150500.11.3.2 SUSE Real Time Module 15-SP5 (src): kernel-source-rt-5.14.21-150500.13.27.2, kernel-syms-rt-5.14.21-150500.13.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done