摘要:
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.
Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.
安全等级: Low
公告ID: KylinSec-SA-2025-2355
发布日期: 2025年4月20日
关联CVE: CVE-2023-53033
在 Linux 内核中,以下漏洞已被修复:
netfilter: nft_payload: 修正获取 VLAN 头位时的算术错误
当偏移量(offset)加长度(length)超过以太网头加VLAN头大小时,系统会调整长度以复制位于vlan_ethhdr暂存区边界内的字节。超出以太网头和VLAN头部分的剩余字节则直接从skbuff数据区复制。
修复了错误的算术运算符:对于双重标记(double-tagged)的数据包,应该减去而非加上VLAN头的大小来相应调整长度,以解决(CVE-2023-0179)漏洞。
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-53033 | KY3.4-5 | kernel | Unaffected |
| CVE-2023-53033 | V6 | kernel | Unaffected |
