Linux Kernel Vulnerability in Netfilter Affecting Nftables Functionality
CVE-2023-52925
Summary
A flaw in the Linux kernel's netfilter subsystem causes nftables set insertion to mishandle entries that duplicate an element which has already expired: rather than being ignored, the expired duplicate influences the result of the insert. The same mishandling of expired elements can disturb nftables' element activation and deletion paths, with consequences for system stability and security. In addition, nft_pipapo_activate is implemented asymmetrically with respect to the element handlers of the other set types, which can change how duplicate elements are processed. Users should apply the latest kernel updates, which make insertion ignore expired entries and restore consistent behaviour in the kernel's netfilter code.
Affected Version(s)
Linux: introduced in commit b15ea4017af82011dd55225ce77cce3d4dfc169c, fixed in commit 891ca5dfe3b718b441fc786014a7ba8f517da188 (versions before the fix are affected)
Linux: introduced in commit 7c7e658a36f8b1522bd3586d8137e5f93a25ddc5; no fixing commit listed for this branch
Linux: introduced in commit 59dab3bf0b8fc08eb802721c0532f13dd89209b8, fixed in commit 59ee68c437c562170265194a99698c805a686bb3 (versions before the fix are affected)