CHK NVD : CVE-2023-6111 - 01217f63

[witchcraze]

[CVE Configuration Update Request] Update Suggestion - CVE-2023-6111 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2023-6111 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2023-6111.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2023-6111.json

- CVE-2023-6111
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.140
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.0 up to (excluding) 6.5.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.3
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.140
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.64
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.13
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
- Reference (Commit)
  - netfilter: nf_tables: remove catchall element in GC sync path
    - Fixed by
      - 5.15.140 (0d9506c766c9601fe22d15584a99c704d7941ef6)
      - 6.1.64 (13e2d49647a7f137ebc063a4a9702dda80371b2e)
      - 6.5.13 (e3e68e617bfa8dfc8625d5e728b0fe4b4fb83876)
      - 6.6.3 (80d6a9236ab6d2c0fd241514d1af2e325d16a210)
      - 6.7 (93995bf4af2c5a99e2a87f0cd5ce547d31eb7630) (upstream)
    - Will be introduced by
      - 5.15.134 (949369f9f0d9)
      - 6.1.56 (8c643a8e040d)
      - 6.5.6 (1e478aa1bfec)
      - 6.6 (4a9e12ea7e70)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX

https://nvd.nist.gov/vuln/detail/CVE-2023-6111	URI	Start(Ex)	Start(Inc)	End(Ex)	End(Inc)
cpe:/o:linux:linux_kernel	6.6	6.7

[witchcraze]

- CVE-2023-6111
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.134 up to (excluding) 5.15.140
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.56 up to (excluding) 6.1.64
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.5.6 up to (excluding) 6.5.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.3
- Reference
  - https://ubuntu.com/security/CVE-2023-6111
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.140
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.64
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.13
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.3
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.134
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.56
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.5.6
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6
- Reference (Commit)
  - netfilter: nf_tables: remove catchall element in GC sync path
    - Fixed by
      - 5.15.140 (0d9506c766c9601fe22d15584a99c704d7941ef6)
      - 6.1.64 (13e2d49647a7f137ebc063a4a9702dda80371b2e)
      - 6.5.13 (e3e68e617bfa8dfc8625d5e728b0fe4b4fb83876)
      - 6.6.3 (80d6a9236ab6d2c0fd241514d1af2e325d16a210)
      - 6.7 (93995bf4af2c5a99e2a87f0cd5ce547d31eb7630) (upstream)
    - Will be introduced by
      - 5.15.134 (949369f9f0d9)
      - 6.1.56 (8c643a8e040d)
      - 6.5.6 (1e478aa1bfec)
      - 6.6 (4a9e12ea7e70)
- I Checked
  - From ubuntu page
     - Introduced by 4a9e12ea7e70223555ec010bec9f711089ce96f6 Fixed by 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630
  - 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 is written as upstream commit in each ChangeLog
  - 4a9e12ea7e70223555ec010bec9f711089ce96f6 is written in ChangeLog-6.6
  - 4a9e12ea7e70223555ec010bec9f711089ce96f6 is writtten as upstream commit in each ChangeLog (introduce)