Oracle Linux: CVE-2023-6040: ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
Description
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. An out-of-bounds access vulnerability was found in the Linux Kernel. This issue occurs during the creation of a new netfilter table. The absence of safeguards in the nf_tables_newtable function against invalid nf_tables family (pf) values allows attackers to achieve unauthorized access. Exploitation occurs in two locations: the xt_find_target function in x_tables.c permits faking xt_af data, and the nf_logger_find_get function in nf_log.c can enable an attacker to use an invalid pf to dereference adjacent global data. By manipulating these values, an attacker could achieve unauthorized access beyond the intended boundaries.
Solution(s)
- oracle-linux-upgrade-kernel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center