fkie_cve-2023-52923
Vulnerability from fkie_nvd
Published
2025-01-20 11:15
Modified
2025-01-20 11:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/146c76866795553dbc19998f36718d7986ad302b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/479a2cf5259347d6a1f658b0f791d27a34908e91
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c357648929c8dff891502349769aafb8f0452bc2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cb4d00b563675ba8ff6ef94b077f58d816f68ba3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df650d6a4bf47248261b61ef6b174d7c54034d15
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: adapt set backend to use GC transaction API\n\nUse the GC transaction API to replace the old and buggy gc API and the\nbusy mark approach.\n\nNo set elements are removed from async garbage collection anymore,\ninstead the _DEAD bit is set on so the set element is not visible from\nlookup path anymore. Async GC enqueues transaction work that might be\naborted and retried later.\n\nrbtree and pipapo set backends does not set on the _DEAD bit from the\nsync GC path since this runs in control plane path where mutex is held.\nIn this case, set elements are deactivated, removed and then released\nvia RCU callback, sync GC never fails."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: adaptar el backend del conjunto para usar la API de transacci\u00f3n de GC Use la API de transacci\u00f3n de GC para reemplazar la antigua y defectuosa API de gc y el enfoque de marca de ocupado. Ya no se eliminan elementos del conjunto de la recolecci\u00f3n de basura as\u00edncrona, en su lugar, se activa el bit _DEAD para que el elemento del conjunto ya no sea visible desde la ruta de b\u00fasqueda. La recolecci\u00f3n de basura as\u00edncrona pone en cola el trabajo de la transacci\u00f3n que podr\u00eda abortarse y reintentarse m\u00e1s tarde. Los backends de conjunto de rbtree y pipapo no activan el bit _DEAD de la ruta de GC de sincronizaci\u00f3n, ya que esto se ejecuta en la ruta del plano de control donde se mantiene el mutex. En este caso, los elementos del conjunto se desactivan, se eliminan y luego se liberan a trav\u00e9s de la devoluci\u00f3n de llamada de RCU, la GC de sincronizaci\u00f3n nunca falla."
    }
  ],
  "id": "CVE-2023-52923",
  "lastModified": "2025-01-20T11:15:07.670",
  "metrics": {},
  "published": "2025-01-20T11:15:07.670",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/146c76866795553dbc19998f36718d7986ad302b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/479a2cf5259347d6a1f658b0f791d27a34908e91"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c357648929c8dff891502349769aafb8f0452bc2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cb4d00b563675ba8ff6ef94b077f58d816f68ba3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/df650d6a4bf47248261b61ef6b174d7c54034d15"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.