csaf_certbund - wid-sec-w-2025-0265

WID-SEC-W-2025-0265

Vulnerability from csaf_certbund - Published: 2025-02-04 23:00 - Updated: 2025-06-03 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um Daten zu manipulieren und um einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um Daten zu manipulieren und um einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0265 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0265.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0265 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0265"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-52924",
        "url": "https://lore.kernel.org/linux-cve-announce/2025020500-CVE-2023-52924-03d7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-52925",
        "url": "https://lore.kernel.org/linux-cve-announce/2025020502-CVE-2023-52925-0b0e@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0784-1 vom 2025-03-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020484.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0834-1 vom 2025-03-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020497.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0855-1 vom 2025-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020509.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0855-1 vom 2025-03-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OVTPVRIMWEEQPMDTJ24J7EW5NO7I4MQK/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0855-1 vom 2025-03-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OVTPVRIMWEEQPMDTJ24J7EW5NO7I4MQK/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0867-1 vom 2025-03-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020514.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
        "url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-03T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-04T10:34:03.870+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0265",
      "initial_release_date": "2025-02-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-13T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-16T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-06-03T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Avamar",
            "product": {
              "name": "Dell Avamar",
              "product_id": "T039664",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:avamar:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T034583",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:virtual"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T008144",
              "product_identification_helper": {
                "cpe": "cpe:/a:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52925",
      "product_status": {
        "known_affected": [
          "T002207",
          "T034583",
          "T008144",
          "T039664"
        ]
      },
      "release_date": "2025-02-04T23:00:00.000+00:00",
      "title": "CVE-2023-52925"
    },
    {
      "cve": "CVE-2023-52924",
      "product_status": {
        "known_affected": [
          "T002207",
          "T034583",
          "T008144",
          "T039664"
        ]
      },
      "release_date": "2025-02-04T23:00:00.000+00:00",
      "title": "CVE-2023-52924"
    }
  ]
}

CVE-2023-52925 (GCVE-0-2023-52925)

Vulnerability from cvelistv5 – Published: 2025-02-05 09:07 – Updated: 2025-05-04 12:49

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1 Insertion must ignore duplicate but expired entries. Moreover, there is a strange asymmetry in nft_pipapo_activate: It refetches the current element, whereas the other ->activate callbacks (bitmap, hash, rhash, rbtree) use elem->priv. Same for .remove: other set implementations take elem->priv, nft_pipapo_remove fetches elem->priv, then does a relookup, remove this. I suspect this was the reason for the change that prompted the removal of the expired check in pipapo_get() in the first place, but skipping exired elements there makes no sense to me, this helper is used for normal get requests, insertions (duplicate check) and deactivate callback. In first two cases expired elements must be skipped. For ->deactivate(), this gets called for DELSETELEM, so it seems to me that expired elements should be skipped as well, i.e. delete request should fail with -ENOENT error.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/891ca5dfe3b718b44…
	https://git.kernel.org/stable/c/af78b0489e8898a8c…
	https://git.kernel.org/stable/c/59ee68c437c562170…
	https://git.kernel.org/stable/c/156369a702c33ad54…
	https://git.kernel.org/stable/c/7845914f45f066497…

Impacted products

Vendor

Product

Version

Linux

Affected: b15ea4017af82011dd55225ce77cce3d4dfc169c , < 891ca5dfe3b718b441fc786014a7ba8f517da188 (git)
Affected: 7c7e658a36f8b1522bd3586d8137e5f93a25ddc5 , < af78b0489e8898a8c9449ffc0fdd2e181916f0d4 (git)
Affected: 59dab3bf0b8fc08eb802721c0532f13dd89209b8 , < 59ee68c437c562170265194a99698c805a686bb3 (git)
Affected: bd156ce9553dcaf2d6ee2c825d1a5a1718e86524 , < 156369a702c33ad5434a19c3a689bfb836d4e0b8 (git)
Affected: 24138933b97b055d486e8064b4a1721702442a9b , < 7845914f45f066497ac75b30c50dbc735e84e884 (git)
Affected: 94313a196b44184b5b52c1876da6a537701b425a (git)
Affected: 1da4874d05da1526b11b82fc7f3c7ac38749ddf8 (git)

Linux

Affected: 6.4.11 , < 6.4.12 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:12:24.648776Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:12:27.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "891ca5dfe3b718b441fc786014a7ba8f517da188",
              "status": "affected",
              "version": "b15ea4017af82011dd55225ce77cce3d4dfc169c",
              "versionType": "git"
            },
            {
              "lessThan": "af78b0489e8898a8c9449ffc0fdd2e181916f0d4",
              "status": "affected",
              "version": "7c7e658a36f8b1522bd3586d8137e5f93a25ddc5",
              "versionType": "git"
            },
            {
              "lessThan": "59ee68c437c562170265194a99698c805a686bb3",
              "status": "affected",
              "version": "59dab3bf0b8fc08eb802721c0532f13dd89209b8",
              "versionType": "git"
            },
            {
              "lessThan": "156369a702c33ad5434a19c3a689bfb836d4e0b8",
              "status": "affected",
              "version": "bd156ce9553dcaf2d6ee2c825d1a5a1718e86524",
              "versionType": "git"
            },
            {
              "lessThan": "7845914f45f066497ac75b30c50dbc735e84e884",
              "status": "affected",
              "version": "24138933b97b055d486e8064b4a1721702442a9b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "94313a196b44184b5b52c1876da6a537701b425a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1da4874d05da1526b11b82fc7f3c7ac38749ddf8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.4.12",
              "status": "affected",
              "version": "6.4.11",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.12",
                  "versionStartIncluding": "6.4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.316",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED]     ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:49:52.404Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/891ca5dfe3b718b441fc786014a7ba8f517da188"
        },
        {
          "url": "https://git.kernel.org/stable/c/af78b0489e8898a8c9449ffc0fdd2e181916f0d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/59ee68c437c562170265194a99698c805a686bb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/156369a702c33ad5434a19c3a689bfb836d4e0b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/7845914f45f066497ac75b30c50dbc735e84e884"
        }
      ],
      "title": "netfilter: nf_tables: don\u0027t fail inserts if duplicate has expired",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52925",
    "datePublished": "2025-02-05T09:07:56.434Z",
    "dateReserved": "2024-08-21T06:07:11.018Z",
    "dateUpdated": "2025-05-04T12:49:52.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52924 (GCVE-0-2023-52924)

Vulnerability from cvelistv5 – Published: 2025-02-05 09:07 – Updated: 2025-05-04 07:46

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo") 2. timeouts are enabled In this case, following sequence is problematic: 1. element E in set S refers to chain C 2. userspace requests removal of set S 3. kernel does a set walk to decrement chain->use count for all elements from preparation phase 4. kernel does another set walk to remove elements from the commit phase (or another walk to do a chain->use increment for all elements from abort phase) If E has already expired in 1), it will be ignored during list walk, so its use count won't have been changed. Then, when set is culled, ->destroy callback will zap the element via nf_tables_set_elem_destroy(), but this function is only safe for elements that have been deactivated earlier from the preparation phase: lack of earlier deactivate removes the element but leaks the chain use count, which results in a WARN splat when the chain gets removed later, plus a leak of the nft_chain structure. Update pipapo_get() not to skip expired elements, otherwise flush command reports bogus ENOENT errors.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/94313a196b44184b5…
	https://git.kernel.org/stable/c/1da4874d05da1526b…
	https://git.kernel.org/stable/c/b15ea4017af82011d…
	https://git.kernel.org/stable/c/7c7e658a36f8b1522…
	https://git.kernel.org/stable/c/59dab3bf0b8fc08eb…
	https://git.kernel.org/stable/c/bd156ce9553dcaf2d…
	https://git.kernel.org/stable/c/24138933b97b055d4…

Impacted products

Vendor

Product

Version

Linux

Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < 94313a196b44184b5b52c1876da6a537701b425a (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < 1da4874d05da1526b11b82fc7f3c7ac38749ddf8 (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < b15ea4017af82011dd55225ce77cce3d4dfc169c (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < 7c7e658a36f8b1522bd3586d8137e5f93a25ddc5 (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < 59dab3bf0b8fc08eb802721c0532f13dd89209b8 (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < bd156ce9553dcaf2d6ee2c825d1a5a1718e86524 (git)
Affected: 9d0982927e79049675cb6c6c04a0ebb3dad5a434 , < 24138933b97b055d486e8064b4a1721702442a9b (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.262 , ≤ 5.4.* (semver)
Unaffected: 5.10.198 , ≤ 5.10.* (semver)
Unaffected: 5.15.134 , ≤ 5.15.* (semver)
Unaffected: 6.1.56 , ≤ 6.1.* (semver)
Unaffected: 6.4.11 , ≤ 6.4.* (semver)
Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "94313a196b44184b5b52c1876da6a537701b425a",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "1da4874d05da1526b11b82fc7f3c7ac38749ddf8",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "b15ea4017af82011dd55225ce77cce3d4dfc169c",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "7c7e658a36f8b1522bd3586d8137e5f93a25ddc5",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "59dab3bf0b8fc08eb802721c0532f13dd89209b8",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "bd156ce9553dcaf2d6ee2c825d1a5a1718e86524",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            },
            {
              "lessThan": "24138933b97b055d486e8064b4a1721702442a9b",
              "status": "affected",
              "version": "9d0982927e79049675cb6c6c04a0ebb3dad5a434",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.198",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.134",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.262",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.198",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.134",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.56",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n   from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n   (or another walk to do a chain-\u003euse increment for all elements from\n    abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:46:06.745Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/94313a196b44184b5b52c1876da6a537701b425a"
        },
        {
          "url": "https://git.kernel.org/stable/c/1da4874d05da1526b11b82fc7f3c7ac38749ddf8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b15ea4017af82011dd55225ce77cce3d4dfc169c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c7e658a36f8b1522bd3586d8137e5f93a25ddc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/59dab3bf0b8fc08eb802721c0532f13dd89209b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd156ce9553dcaf2d6ee2c825d1a5a1718e86524"
        },
        {
          "url": "https://git.kernel.org/stable/c/24138933b97b055d486e8064b4a1721702442a9b"
        }
      ],
      "title": "netfilter: nf_tables: don\u0027t skip expired elements during walk",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52924",
    "datePublished": "2025-02-05T09:07:55.418Z",
    "dateReserved": "2024-08-21T06:07:11.018Z",
    "dateUpdated": "2025-05-04T07:46:06.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0265

CVE-2023-52925 (GCVE-0-2023-52925)

CVE-2023-52924 (GCVE-0-2023-52924)

Tags

Sightings

Nomenclature