Vulnerabilities > CVE-2023-52628 - Out-of-bounds Write vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082
- https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082
- https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a
- https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a
- https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698
- https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698
- https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce
- https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce
- https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb
- https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb
- https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc
- https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc
- https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36
- https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36