Drop CVE-2023-4563 in favour of CVE-2023-4244

1 files changed, 24 insertions, 0 deletions

diff --git a/active/CVE-2023-4244 b/active/CVE-2023-4244
new file mode 100644
index 000000000..e6c247699
--- /dev/null
+++ b/active/CVE-2023-4244
@@ -0,0 +1,24 @@
+Description: Use-after-free in nft_verdict_dump due to a race between set GC and transaction
+References:
+ https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
+ https://bugzilla.redhat.com/show_bug.cgi?id=2235306
+ https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/
+ https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
+Notes:
+ carnil> Fixed as well in 6.4.12 for 6.4.y. Needs closer verification
+ carnil> which commits are actually needed to fix the issue in stable
+ carnil> series.
+ carnil> As per 2023-08-30 23185c6aed1f ("netfilter: nft_dynset:
+ carnil> disallow object maps") has been backported to all relevant
+ carnil> stable series, in particular 4.19.293, 5.10.192, 6.1.47,
+ carnil> 6.4.12.
+Bugs:
+upstream: released (6.5-rc6) [24138933b97b055d486e8064b4a1721702442a9b, 5f68718b34a531a556f2f50300ead2862278da26, f6c383b8c31a93752a52697f8430a71dcbc46adf, c92db3030492b8ad1d0faace7a93bbcf53850d0c, a2dd0233cbc4d8a0abb5f64487487ffc9265beb5], released (6.5-rc7) [6a33d8b73dfac0a41f3877894b38082bd0c9a5bc, 02c6c24402bf1c1e986899c14ba22a10b510916b, 23185c6aed1ffb8fc44087880ba2767aba493779]
+6.1-upstream-stable:
+5.10-upstream-stable:
+4.19-upstream-stable:
+sid: released (6.4.13-1)
+6.1-bookworm-security:
+5.10-bullseye-security:
+4.19-buster-security: