Linux Kernel Netfilter ipset Integer Underflow Vulnerability in Hash:net,port,net

A vulnerability in the Linux kernel's netfilter ipset component can lead to an integer underflow, causing a slab out-of-bounds access. This issue arises from the absence of the IP_SET_HASH_WITH_NET0 macro in the ip_set_hash_netportnet file, which results in incorrect calculations of array offsets. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can be exploited to cause a slab out-of-bounds access, which may lead to memory corruption or unauthorized memory access.

Reproduction

The vulnerability can be reproduced by using the ipset feature of netfilter with the hash:net,port,net option, while allowing CIDR 0. The missing IP_SET_HASH_WITH_NET0 macro will cause the vulnerability by allowing incorrect CIDR positions to be used in array offset calculations, leading to an integer underflow and out-of-bounds access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.