Bug 1217473 (CVE-2023-5972) - VUL-0: CVE-2023-5972: kernel-source,kernel-source-azure,kernel-source-rt: kernel: null pointer dereference flaw was found in the nft_inner.c
Summary: VUL-0: CVE-2023-5972: kernel-source,kernel-source-azure,kernel-source-rt: ker...
Status: RESOLVED FIXED
Alias: CVE-2023-5972
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/386005/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-24 08:36 UTC by SMASH SMASH
Modified: 2024-06-25 18:01 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-11-24 08:36:48 UTC 
A null pointer dereference flaw was found in the nft_inner.c functionality of
netfilter in the Linux kernel. This issue could allow a local user to crash the
system or escalate their privileges on the system.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5972
Comment 1 Thomas Leroy 2023-11-24 08:39:09 UTC 
Only SLE15-SP6 has the buggy commit and not the fixes [0][1]. stable is already fixed.

[0] https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80
[1] https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7
Comment 11 Thomas Bogendoerfer 2024-01-05 08:43:57 UTC 
Fix is now in SLE15-SP6
Comment 20 Andrea Mattiazzo 2024-05-24 10:29:42 UTC 
All done, closing.