Linux Kernel Netfilter Vulnerability Affects Chain Rule Handling
CVE-2023-53492
What is CVE-2023-53492?
A vulnerability in the Linux Kernel's netfilter component allows for the potential mishandling of chain rules when a chain is deleted within the same batch. Specifically, when attempting to add a new rule that refers to a chain ID that has been recently deleted, the lookup may ignore the current generation mask. As a result, this can produce warnings during operation, indicating that the rule may end up targeting a non-existent chain, leading to unexpected behavior in network filtering processes. This issue underscores the importance of proper chain management within netfilter configurations.
Affected Version(s)
Linux 837830a4b439bfeb86c70b0115c280377c84714b < 4ae2e501331aaa506eaf760339bb2f43e5769395
Linux 837830a4b439bfeb86c70b0115c280377c84714b < 041e2ac88caef286b39064e83e825e3f53113d36
Linux 837830a4b439bfeb86c70b0115c280377c84714b