CVE-2023-4569 : A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

Published 2023-08-28 22:15:10

Updated 2023-11-04 02:39:33

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-4569

Debian » Debian Linux » Version: 12.0
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 6.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC1
cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC2
cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC3
cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC4
cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC5
cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.5 Update RC6
cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-4569

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4569

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-4569

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-4569

https://www.debian.org/security/2023/dsa-5492

Debian -- Security Information -- DSA-5492-1 linux
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=2235470

2235470 – (CVE-2023-4569) CVE-2023-4569 kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
Issue Tracking;Patch;Third Party Advisory
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/

[nf] netfilter: nf_tables: deactivate catchall elements in next generation - Patchwork
Mailing List;Patch
https://access.redhat.com/security/cve/CVE-2023-4569

CVE-2023-4569- Red Hat Customer Portal
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-4569

Products affected by CVE-2023-4569

Exploit prediction scoring system (EPSS) score for CVE-2023-4569

CVSS scores for CVE-2023-4569

CWE ids for CVE-2023-4569

References for CVE-2023-4569