« List of all CVEs

CVE-2023-42756

Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap

Published: 9/28/2023 Last updated: 11/6/2025 Reserved: 9/13/2023

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4.4 Medium CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (6)

Product Vendor Version
Red Hat Enterprise Linux 9 Red Hat 6.17
Red Hat Enterprise Linux 9 Red Hat < 6.17
Red Hat Enterprise Linux 6 Red Hat <= 6.17.*
Red Hat Enterprise Linux 7 Red Hat <= *
Red Hat Enterprise Linux 7 Red Hat 67b44df162fab26df209bd5d5d542875fcbec1d0
Red Hat Enterprise Linux 9 Red Hat < c2fef5ebb73f3dabae6fbc571d181914ed32c483

References (24)