Add CVE-2023-6817

Signed-off-by: Denis Efremov <efremov@linux.com>
evdenis · Feb 15, 2024 · 4833161 · 4833161
1 parent 5468588
commit 4833161
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/cvehound/cve/CVE-2023-6817.cocci b/cvehound/cve/CVE-2023-6817.cocci
@@ -0,0 +1,25 @@
+/// Files: net/netfilter/nft_set_pipapo.c
+/// Fix: 317eb9685095678f2c9f5a8189de698c5354316a
+/// Fixes: 3c4287f62044a90e73a561aa05fc46e62da173da
+
+virtual detect
+
+@err@
+identifier e, f, iter, cont;
+position p;
+@@
+
+nft_pipapo_walk(...)
+{
+	...
+*	e =@p f->mt[r].e;
+	... when != if (!nft_set_elem_active(&e->ext, iter->genmask)) goto cont;
+*	iter->err = iter->fn(...);
+	...
+}
+
+@script:python depends on detect@
+p << err.p;
+@@
+
+coccilib.report.print_report(p[0], 'ERROR: CVE-2023-6817')