The vulnerability of the nft_verdict_dump() function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter component allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 04 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

nft_verdict_dump flaw in nf_tables_api.c permits freed memory reuse under concurrency, risking confidentiality.

Reporter	Title	Published	Views	Family All 60
CNNVD	编号撤回	28 Aug 202300:00	–	cnnvd
CVE	CVE-2023-4563	1 Jan 197600:00	–	cve
Cvelist	CVE-2023-4563	1 Jan 197600:00	–	cvelist
Debian CVE	CVE-2023-4563	1 Jan 197600:00	–	debiancve
Fedora	[SECURITY] Fedora 38 Update: kernel-6.4.13-200.fc38	3 Sep 202301:16	–	fedora
Fedora	[SECURITY] Fedora 37 Update: kernel-6.4.13-100.fc37	3 Sep 202301:28	–	fedora
Tenable Nessus	Fedora 37 : kernel (2023-a1ca0ef4d6)	3 Sep 202300:00	–	nessus
Tenable Nessus	Fedora 38 : kernel (2023-da8b7c1ca3)	3 Sep 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3599-1)	15 Sep 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3599-2)	22 Sep 202300:00	–	nessus

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
lore	www.lore.kernel.org/netdev/[email protected]/
lore	www.lore.kernel.org/netdev/[email protected]/
access	www.access.redhat.com/security/cve/CVE-2023-4563
kernel	www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
kernel	www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.198
kernel	www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134
kernel	www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.56
kernel	www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12

20 Dec 2023 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 26

CVSS 37

nft verdict dump nf tables api memory reuse concurrency issue data confidentiality data integrity data availability