cve/published/2023/CVE-2023-52925.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don't fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED]     ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other ->activate callbacks\n(bitmap, hash, rhash, rbtree) use elem->priv.\nSame for .remove: other set implementations take elem->priv,\nnft_pipapo_remove fetches elem->priv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor ->deactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/netfilter/nft_set_pipapo.c"
                ],
                "versions": [
                   {
                      "version": "b15ea4017af82011dd55225ce77cce3d4dfc169c",
                      "lessThan": "891ca5dfe3b718b441fc786014a7ba8f517da188",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "7c7e658a36f8b1522bd3586d8137e5f93a25ddc5",
                      "lessThan": "af78b0489e8898a8c9449ffc0fdd2e181916f0d4",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "59dab3bf0b8fc08eb802721c0532f13dd89209b8",
                      "lessThan": "59ee68c437c562170265194a99698c805a686bb3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "bd156ce9553dcaf2d6ee2c825d1a5a1718e86524",
                      "lessThan": "156369a702c33ad5434a19c3a689bfb836d4e0b8",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "24138933b97b055d486e8064b4a1721702442a9b",
                      "lessThan": "7845914f45f066497ac75b30c50dbc735e84e884",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "94313a196b44184b5b52c1876da6a537701b425a",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "1da4874d05da1526b11b82fc7f3c7ac38749ddf8",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "net/netfilter/nft_set_pipapo.c"
                ],
                "versions": [
                   {
                      "version": "6.4.11",
                      "lessThan": "6.4.12",
                      "status": "affected",
                      "versionType": "semver"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.4.11",
                            "versionEndExcluding": "6.4.12"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "4.19.316"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.4.262"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/891ca5dfe3b718b441fc786014a7ba8f517da188"
             },
             {
                "url": "https://git.kernel.org/stable/c/af78b0489e8898a8c9449ffc0fdd2e181916f0d4"
             },
             {
                "url": "https://git.kernel.org/stable/c/59ee68c437c562170265194a99698c805a686bb3"
             },
             {
                "url": "https://git.kernel.org/stable/c/156369a702c33ad5434a19c3a689bfb836d4e0b8"
             },
             {
                "url": "https://git.kernel.org/stable/c/7845914f45f066497ac75b30c50dbc735e84e884"
             }
          ],
          "title": "netfilter: nf_tables: don't fail inserts if duplicate has expired",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2023-52925",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don't fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other ->activate callbacks\n(bitmap, hash, rhash, rbtree) use elem->priv.\nSame for .remove: other set implementations take elem->priv,\nnft_pipapo_remove fetches elem->priv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor ->deactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/netfilter/nft_set_pipapo.c"
	],
	"versions": [
	{
	"version": "b15ea4017af82011dd55225ce77cce3d4dfc169c",
	"lessThan": "891ca5dfe3b718b441fc786014a7ba8f517da188",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "7c7e658a36f8b1522bd3586d8137e5f93a25ddc5",
	"lessThan": "af78b0489e8898a8c9449ffc0fdd2e181916f0d4",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "59dab3bf0b8fc08eb802721c0532f13dd89209b8",
	"lessThan": "59ee68c437c562170265194a99698c805a686bb3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "bd156ce9553dcaf2d6ee2c825d1a5a1718e86524",
	"lessThan": "156369a702c33ad5434a19c3a689bfb836d4e0b8",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "24138933b97b055d486e8064b4a1721702442a9b",
	"lessThan": "7845914f45f066497ac75b30c50dbc735e84e884",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "94313a196b44184b5b52c1876da6a537701b425a",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "1da4874d05da1526b11b82fc7f3c7ac38749ddf8",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"net/netfilter/nft_set_pipapo.c"
	],
	"versions": [
	{
	"version": "6.4.11",
	"lessThan": "6.4.12",
	"status": "affected",
	"versionType": "semver"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.4.11",
	"versionEndExcluding": "6.4.12"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "4.19.316"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.4.262"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/891ca5dfe3b718b441fc786014a7ba8f517da188"
	},
	{
	"url": "https://git.kernel.org/stable/c/af78b0489e8898a8c9449ffc0fdd2e181916f0d4"
	},
	{
	"url": "https://git.kernel.org/stable/c/59ee68c437c562170265194a99698c805a686bb3"
	},
	{
	"url": "https://git.kernel.org/stable/c/156369a702c33ad5434a19c3a689bfb836d4e0b8"
	},
	{
	"url": "https://git.kernel.org/stable/c/7845914f45f066497ac75b30c50dbc735e84e884"
	}
	],
	"title": "netfilter: nf_tables: don't fail inserts if duplicate has expired",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2023-52925",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}