
Cloud Vulnerability DB
A community-led vulnerabilities database
A race condition vulnerability (CVE-2023-42756) was discovered in the Netfilter subsystem of the Linux kernel. The race is between the IPSET_CMD_ADD and IPSET_CMD_SWAP operations and can lead to a kernel panic because __ip_set_put is invoked on an incorrect set. The issue was discovered in September 2023 and affects multiple Linux kernel versions including upstream, v6.5.rc7, v6.1, and v5.10 (OSS-SEC).
The vulnerability occurs in the ip_set_swap function, where the ip_set_ref_lock is held during set swapping operations. However, in the retry loop within the call_ad function, no lock is held during the cond_resched() call. This allows a second thread (thread 2) to swap the set with another set while the first thread (thread 1) is in cond_resched(). When thread 1 resumes, it operates on the wrong set, leading to an incorrect reference count manipulation and triggering a BUG_ON(set->ref == 0) check (OSS-SEC). The CVSS v3.1 base score is 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The vulnerability allows a local user to cause a denial of service by triggering a kernel panic. This can lead to system crashes, affecting system availability (NVD, OSS-SEC).
The issue has been fixed in Linux kernel 6.6-rc3 with a patch prepared by Jozsef Kadlecsik. The fix involves correcting the reference counter usage in the call_ad function, using set->ref_netlink instead of set->ref. Various Linux distributions have released updates to address this vulnerability, including Red Hat Enterprise Linux, Fedora, and Debian (OSS-SEC, Red Hat).
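The interleaving and the fix described above, replayed deterministically in one thread as a user-space model. This is an added example, not kernel code or the patch itself; `model_set`, `model_swap` and `replay_retry` are hypothetical names, and the model assumes that a swap exchanges the two sets' `ref` values and is refused while either set has a nonzero `ref_netlink`.

```c
#include <stdio.h>

/* User-space model constructed for illustration; not kernel code. */
struct model_set {
    unsigned int ref;         /* counter checked by BUG_ON(set->ref == 0) */
    unsigned int ref_netlink; /* references held by in-flight netlink operations */
};

/* Model of the swap (assumptions of this example): refused while a netlink
 * operation holds either set, otherwise the two ref counters are exchanged. */
static int model_swap(struct model_set *from, struct model_set *to)
{
    unsigned int tmp;

    if (from->ref_netlink || to->ref_netlink)
        return -1;                      /* busy: swap does not happen */
    tmp = from->ref;
    from->ref = to->ref;
    to->ref = tmp;
    return 0;
}

/* Replays thread 1's retry with thread 2's swap landing in the unlocked window.
 * Returns 1 if the final put would hit BUG_ON(set->ref == 0), else 0. */
static int replay_retry(int use_ref_netlink)
{
    struct model_set a = {0, 0}, b = {0, 0};
    struct model_set *set = &a;         /* pointer thread 1 keeps across the retry */

    /* Thread 1: take a reference, then reschedule with no lock held. */
    if (use_ref_netlink) set->ref_netlink++;
    else                 set->ref++;

    /* Thread 2: swap request arrives while thread 1 is in cond_resched(). */
    (void)model_swap(&a, &b);

    /* Thread 1 resumes and releases its reference through the same pointer. */
    if (use_ref_netlink) {
        set->ref_netlink--;             /* swap was refused, count is balanced */
        return 0;
    }
    if (set->ref == 0)                  /* the count moved to the other set */
        return 1;                       /* the kernel would panic here */
    set->ref--;
    return 0;
}

int main(void)
{
    printf("set->ref:         BUG_ON hit = %d\n", replay_retry(0));
    printf("set->ref_netlink: BUG_ON hit = %d\n", replay_retry(1));
    return 0;
}
```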
Source: This report was generated using AI