From bippy-a5840b7849dd Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2023-52433: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction

New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.

The Linux kernel CVE team has assigned CVE-2023-52433 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.5 with commit f6c383b8c31a and fixed in 6.5.4 with commit e3213ff99a35
	Issue introduced in 6.5 with commit f6c383b8c31a and fixed in 6.6 with commit 2ee52ae94baa
	Issue introduced in 6.4.11 with commit e4d71d6a9c7d

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52433
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/netfilter/nft_set_rbtree.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127
	https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017
	https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8
	https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce
	https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1
	https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a
	https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4