CVE-2023-53032

netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

Published: 3/27/2025 Last updated: 5/4/2025 Reserved: 3/27/2025

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	< c2798203315f4729bab0b917bf4c17a159abf9f8
Linux	Linux	x64-based Systems

CVE-2023-53032

netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

Opam packages affected (27)

Products affected (2)

References (7)