ghsa-9fjm-8jhh-94vw
Vulnerability from github
Published
2024-04-28 15:30
Modified
2024-04-28 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()

syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter: nf_tables: do not leave chain stats enabled on error") missed that nf_tables_chain_destroy() after nft_basechain_init() in the error path of nf_tables_addchain() decrements the counter because nft_basechain_init() makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.

Increment the counter immediately after returning from nft_basechain_init().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-48643"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-28T13:15:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 (\"netfilter:\nnf_tables: do not leave chain stats enabled on error\") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init().",
  "id": "GHSA-9fjm-8jhh-94vw",
  "modified": "2024-04-28T15:30:29Z",
  "published": "2024-04-28T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48643"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/710e3f526bd23a0d33435dedc52c3144de284378"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bcad2a931313aeba076b76922d5813ef97d0a91"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91aa52652f4b37089aff3cb53e83049d826fef6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.