GHSA-6474-WRGG-8QCW
Vulnerability from github – Published: 2025-10-22 15:31 – Updated: 2025-10-22 15:31In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: deactivate anonymous set from preparation phase
[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]
Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any update on it. Clear the generation bitmask in case the transaction is aborted.
The following KASAN splat shows a set element deletion for a bound anonymous set that has been already removed in the same transaction.
[ 64.921510] ================================================================== [ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.924745] Write of size 8 at addr dead000000000122 by task test/890 [ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253 [ 64.931120] Call Trace: [ 64.932699] [ 64.934292] dump_stack_lvl+0x33/0x50 [ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.937551] kasan_report+0xda/0x120 [ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.942452] ? __kasan_slab_alloc+0x2d/0x60 [ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables] [ 64.945710] ? kasan_set_track+0x21/0x30 [ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink] [ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
{
"affected": [],
"aliases": [
"CVE-2023-53701"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T14:15:44Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: deactivate anonymous set from preparation phase\n\n[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]\n\nToggle deleted anonymous sets as inactive in the next generation, so\nusers cannot perform any update on it. Clear the generation bitmask\nin case the transaction is aborted.\n\nThe following KASAN splat shows a set element deletion for a bound\nanonymous set that has been already removed in the same transaction.\n\n[ 64.921510] ==================================================================\n[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890\n[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253\n[ 64.931120] Call Trace:\n[ 64.932699] \u003cTASK\u003e\n[ 64.934292] dump_stack_lvl+0x33/0x50\n[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.937551] kasan_report+0xda/0x120\n[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60\n[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]\n[ 64.945710] ? kasan_set_track+0x21/0x30\n[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]\n[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]",
"id": "GHSA-6474-wrgg-8qcw",
"modified": "2025-10-22T15:31:10Z",
"published": "2025-10-22T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53701"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86572872505023e3bb461b271c2f25fdaa3dfcd7"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.