{"id":"CVE-2023-52628","summary":"netfilter: nftables: exthdr: fix 4-byte stack OOB write","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\n\nIf priv-\u003elen is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\n\nThis construct is necessary to clean the remainder of the register\nin case -\u003elen is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\n\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\n\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961).","modified":"2026-04-02T09:43:09.864176Z","published":"2024-03-28T07:33:46.217Z","related":["SUSE-SU-2024:1454-1","SUSE-SU-2024:1465-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:1641-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1647-1","SUSE-SU-2024:1870-1","SUSE-SU-2024:2091-1","SUSE-SU-2024:2094-1","SUSE-SU-2024:2109-1","SUSE-SU-2024:2124-1","SUSE-SU-2024:2156-1","SUSE-SU-2024:2164-1","SUSE-SU-2024:2216-1","SUSE-SU-2024:2217-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52628.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082"},{"type":"WEB","url":"https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423eb1dcd36"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52628.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52628"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"49499c3e6e18b7677a63316f3ff54a16533dc28f"},{"fixed":"28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a"},{"fixed":"cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb"},{"fixed":"a7d86a77c33ba1c357a7504341172cc1507f0698"},{"fixed":"1ad7b189cc1411048434e8595ffcbe7873b71082"},{"fixed":"d9ebfc0f21377690837ebbd119e679243e0099cc"},{"fixed":"c8f292322ff16b9a2272a67de396c09a50e09dce"},{"fixed":"fd94d9dadee58e09b49075240fe83423eb1dcd36"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52628.json"}}],"schema_version":"1.7.5"}