Linux Kernel Netfilter Vulnerability Affecting Expectation Handling
CVE-2023-52927


Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 14 March 2025

Summary

A vulnerability has been identified in the Linux kernel's netfilter connection-tracking code, involving the incorrect handling of expectations. Specifically, nf_conntrack_in() removes an expectation from the hash table under conditions where it should remain, including cases where the connection created from the template is never confirmed. The fix lets such expectations stay in the hash table when the IPS_CONFIRMED status bit is set on the connection template, covering situations where connection tracking does not confirm the created connection. This change improves stability and security in network configurations that use Open vSwitch (OVS) and traffic control (TC) connection tracking.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4914109a8e1e494c6aa9852f9e84ec77a5fc643f

Linux 6.1.130 <= 6.1.*
