CVE-2023-53304

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53304
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53304.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53304
Downstream
Related
Published
2025-09-16T16:11:44Z
Modified
2025-10-21T17:02:33.621981Z
Summary
netfilter: nft_set_rbtree: fix overlap expiration walk
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftsetrbtree: fix overlap expiration walk

The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any.

Can be reproduced with tests/shell/testcases/sets/0044intervaloverlap0 in nftables.git and kmemleak enabled kernel.

Second bug is the use of rbeprev vs. prev pointer. If rbeprev() returns NULL after at least one iteration, rbe_prev points to element that is not an end interval, hence it should not be removed.

Lastly, check the genmask of the end interval if this is active in the current generation.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7ab87a326f20c52ff4d9972052d085be951c704b
Fixed
8284a79136c384059e85e278da2210b809730287
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
181859bdfb9734aca449512fccaee4cacce64aed
Fixed
acaee227cf79c45a5d2d49c3e9a66333a462802c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4aacf3d78424293e318c616016865380b37b9cc5
Fixed
893cb3c3513cf661a0ff45fe0cfa83fe27131f76
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2bf1435fa19d2c58054391b3bba40d5510a5758c
Fixed
50cbb9d195c197af671869c8cadce3bd483735a0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
318cb24a4c3fce8140afaf84e4d45fcb76fb280b
Fixed
89a4d1a89751a0fbd520e64091873e19cc0979e8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c9e6978e2725a7d4b6cd23b2facd3f11422c0643
Fixed
cd66733932399475fe933cb3ec03e687ed401462
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c9e6978e2725a7d4b6cd23b2facd3f11422c0643
Fixed
f718863aca469a109895cb855e6b81fff4827d71

Affected versions

v5.*

v5.10.166
v5.10.167
v5.10.168
v5.10.169
v5.10.170
v5.10.171
v5.10.172
v5.10.173
v5.10.174
v5.10.175
v5.10.176
v5.10.177
v5.10.178
v5.10.179
v5.10.180
v5.10.181
v5.10.182
v5.10.183
v5.10.184
v5.10.185
v5.10.186
v5.10.187
v5.10.188
v5.10.189
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.104
v5.15.105
v5.15.106
v5.15.107
v5.15.108
v5.15.109
v5.15.110
v5.15.111
v5.15.112
v5.15.113
v5.15.114
v5.15.115
v5.15.116
v5.15.117
v5.15.118
v5.15.119
v5.15.120
v5.15.121
v5.15.122
v5.15.123
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99

v6.*

v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.40
v6.1.41
v6.1.42
v6.1.9
v6.2
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.5-rc1
v6.5-rc2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-53304-017d5466",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acaee227cf79c45a5d2d49c3e9a66333a462802c"
    },
    {
        "id": "CVE-2023-53304-0245bcb7",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50cbb9d195c197af671869c8cadce3bd483735a0"
    },
    {
        "id": "CVE-2023-53304-213ff665",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89a4d1a89751a0fbd520e64091873e19cc0979e8"
    },
    {
        "id": "CVE-2023-53304-2efe7a61",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@893cb3c3513cf661a0ff45fe0cfa83fe27131f76"
    },
    {
        "id": "CVE-2023-53304-4370ec32",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acaee227cf79c45a5d2d49c3e9a66333a462802c"
    },
    {
        "id": "CVE-2023-53304-6210b43d",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8284a79136c384059e85e278da2210b809730287"
    },
    {
        "id": "CVE-2023-53304-76915c66",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd66733932399475fe933cb3ec03e687ed401462"
    },
    {
        "id": "CVE-2023-53304-7c9d7064",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@893cb3c3513cf661a0ff45fe0cfa83fe27131f76"
    },
    {
        "id": "CVE-2023-53304-82e31f45",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8284a79136c384059e85e278da2210b809730287"
    },
    {
        "id": "CVE-2023-53304-96a9324c",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50cbb9d195c197af671869c8cadce3bd483735a0"
    },
    {
        "id": "CVE-2023-53304-a3ef70d2",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd66733932399475fe933cb3ec03e687ed401462"
    },
    {
        "id": "CVE-2023-53304-b274d036",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89a4d1a89751a0fbd520e64091873e19cc0979e8"
    },
    {
        "id": "CVE-2023-53304-f45fb1be",
        "target": {
            "function": "nft_rbtree_gc_elem",
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "length": 616.0,
            "function_hash": "312016713040669789940659515556522880107"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f718863aca469a109895cb855e6b81fff4827d71"
    },
    {
        "id": "CVE-2023-53304-f81372b5",
        "target": {
            "file": "net/netfilter/nft_set_rbtree.c"
        },
        "digest": {
            "line_hashes": [
                "53172599047333514096758690419117826547",
                "273442660338655390814777516518140518827",
                "107990530882356724053403499416811575039",
                "199159222258857346756457025308483287309",
                "133856760659744056907656148284173067593",
                "122179434421342771279288655758536261000",
                "231492451486480431822371260776326942809",
                "158786902479737354811207307632381863672",
                "313074012963881649217144033617003271373",
                "138599083326748678734688788373613660777",
                "269227455918778153461533120620964091901",
                "323960449169383982679443959241827353966",
                "326064532413314920388957192634516358720",
                "207267448997991820784992407744505587893",
                "19302396390207800904103248875952713451",
                "208847150745767814484747211404062346941",
                "318880427682731914861767394515328648563",
                "104259889122266342905224245041086875029",
                "231155644174713330839940613659393861220",
                "233397430950564116502434483132624032398",
                "211360622668213237468422872753589672548",
                "263722148224009607872260343116378582401",
                "113394037531380563656344138958441940818",
                "302337775697281697137173066534376476819",
                "91573496095094877497621727838252969140"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f718863aca469a109895cb855e6b81fff4827d71"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.190
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.124
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.43
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.8