CVE-2023-54035
Reference Counter Underflow in Linux Kernel netfilter nf_tables
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's netfilter nf_tables component. It involves an error in managing the reference counters of chains when adding set elements. Specifically, a chain's reference counter was erroneously decremented twice: once when an element is released and again via nft_data_release(). A previous fix incorrectly removed a necessary decrement, which caused further problems. The final fix restores the correct behavior so that the reference counter is decremented exactly once, preventing underflow.
How can this vulnerability impact me?
The vulnerability can cause the reference counter for chains in nf_tables to underflow due to incorrect decrementing. This could potentially lead to memory management issues such as use-after-free or other stability problems in the Linux kernel's netfilter subsystem, which might affect system reliability or security.