Buffer Overflow in Linux Kernel Affecting Netfilter Conntrack
CVE-2023-53333
What is CVE-2023-53333?
CVE-2023-53333 is a buffer overflow in the Linux kernel's netfilter conntrack subsystem, caused by inadequate handling of DCCP packet headers. The function nf_conntrack_dccp_packet does not properly validate the size of an incoming header before copying it to the stack, which can lead to out-of-bounds memory access. Malicious packets could exploit the flaw, allowing further attacks or causing system instability. The fix expands the stack buffer and validates additional packet parameters, hardening connection tracking.
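The length checks described above, modeled in user space as an added example (not the kernel's code and not part of the original advisory): the header length implied by the packet type and X bit, per the RFC 4340 layouts, must fit a buffer sized for the largest header and be covered by the Data Offset field before anything is copied. The names dccp_copy_header, type_specific_len and check_sample are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DCCP_BASIC_LEN   12u /* generic header with 24-bit sequence numbers */
#define DCCP_MAX_HDR_LEN 28u /* largest fixed header: Response/Reset, X=1 */
/* Fixed bytes after the generic header (RFC 4340); -1 if type/X not allowed. */
static int type_specific_len(unsigned type, unsigned x)
{
    if (!x) /* short sequence numbers are only legal on Data, Ack, DataAck */
        return type == 2 ? 0 : (type == 3 || type == 4) ? 4 : -1;
    switch (type) {
    case 0: return 4;                /* Request: service code */
    case 2: return 0;                /* Data */
    case 1: case 7: return 12;       /* Response, Reset: ack subheader + 4 */
    case 3: case 4: case 5: case 6: case 8: case 9: return 8; /* ack subheader */
    default: return -1;              /* reserved types 10-15 */
    }
}

/* Copies the whole header into out[] and returns its length, or -1 to drop. */
int dccp_copy_header(const uint8_t *pkt, size_t len, uint8_t out[DCCP_MAX_HDR_LEN])
{
    if (len < DCCP_BASIC_LEN)
        return -1;
    size_t doff = (size_t)pkt[4] * 4;   /* Data Offset is in 32-bit words */
    unsigned type = (pkt[8] >> 1) & 0xf, x = pkt[8] & 1;
    int extra = type_specific_len(type, x);
    size_t need = DCCP_BASIC_LEN + (x ? 4u : 0u) + (extra > 0 ? (size_t)extra : 0);
    /* The header must fit the buffer, be covered by doff, and lie in the packet. */
    if (extra < 0 || need > DCCP_MAX_HDR_LEN || doff < need || doff > len)
        return -1;
    memcpy(out, pkt, need);
    return (int)need;
}

/* Runs the check on a constructed sample header (all other fields zero). */
int check_sample(unsigned type, unsigned x, unsigned doff_words, size_t len)
{
    uint8_t pkt[64] = {0}, hdr[DCCP_MAX_HDR_LEN];
    pkt[4] = (uint8_t)doff_words;
    pkt[8] = (uint8_t)((type << 1) | x);
    return dccp_copy_header(pkt, len, hdr);
}

int main(void)
{
    printf("%d %d\n", check_sample(3, 1, 6, 24), check_sample(3, 1, 3, 24));
    return 0;
}
```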
Affected Version(s)
Linux 2bc780499aa33311ec0f3e42624dfaa7be0ade5e < 337fdce450637ea663bc816edc2ba81e5cdad02e
Linux 2bc780499aa33311ec0f3e42624dfaa7be0ade5e < 9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8
Linux 2bc780499aa33311ec0f3e42624dfaa7be0ade5e