CVE-2023-53304
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.10.166 (inc) to 5.10.190 (exc) |
| linux | linux_kernel | From 5.15.91 (inc) to 5.15.124 (exc) |
| linux | linux_kernel | From 6.1.9 (inc) to 6.1.43 (exc) |
| linux | linux_kernel | From 6.2.1 (inc) to 6.4.8 (exc) |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's netfilter nft_set_rbtree component involves a flaw in the lazy garbage collection process during insert operations. Specifically, timed-out entries are not fully removed because the process fails to release the other half of the interval if it exists. Additionally, there is a bug related to the use of rbe_prev versus the prev pointer, where rbe_prev() may return NULL incorrectly, leading to improper removal of elements. There is also an issue with checking the genmask of the end interval in the current generation. These bugs affect the correct management of interval entries in nftables.
How can this vulnerability impact me? :
The vulnerability can lead to improper removal of timed-out entries in the nftables interval sets, potentially causing stale or overlapping interval entries to persist. This may result in incorrect firewall or network filtering behavior, which could affect system security or network traffic management.