In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not ignore genmask when looking up chain by id
When adding a rule to a chain referring to its ID, if that chain had been deleted in the same batch, the rule might end up referring to a deleted chain.
This will lead to a WARNING like the following:
[ 33.098431] ------------[ cut here ]------------
[ 33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260
[ 33.099217] Modules linked in:
[ 33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409
[ 33.099726] Workqueue: events nf_tables_trans_destroy_work
[ 33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260
[ 33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7
[ 33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202
[ 33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000
[ 33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000
[ 33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500
[ 33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10
[ 33.103762] FS: 0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000
[ 33.104184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0
[ 33.104872] PKRU: 55555554
[ 33.104999] Call Trace:
[ 33.105113] <TASK>
[ 33.105214] ? show_regs+0x72/0x90
[ 33.105371] ? __warn+0xa5/0x210
[ 33.105520] ? nf_tables_chain_destroy+0x23d/0x260
[ 33.105732] ? report_bug+0x1f2/0x200
[ 33.105902] ? handle_bug+0x46/0x90
[ 33.106546] ? exc_invalid_op+0x19/0x50
[ 33.106762] ? asm_exc_invalid_op+0x1b/0x20
[ 33.106995] ? nf_tables_chain_destroy+0x23d/0x260
[ 33.107249] ? nf_tables_chain_destroy+0x30/0x260
[ 33.107506] nf_tables_trans_destroy_work+0x669/0x680
[ 33.107782] ? mark_held_locks+0x28/0xa0
[ 33.107996] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10
[ 33.108294] ? _raw_spin_unlock_irq+0x28/0x70
[ 33.108538] process_one_work+0x68c/0xb70
[ 33.108755] ? lock_acquire+0x17f/0x420
[ 33.108977] ? __pfx_process_one_work+0x10/0x10
[ 33.109218] ? do_raw_spin_lock+0x128/0x1d0
[ 33.109435] ? _raw_spin_lock_irq+0x71/0x80
[ 33.109634] worker_thread+0x2bd/0x700
[ 33.109817] ? __pfx_worker_thread+0x10/0x10
[ 33.110254] kthread+0x18b/0x1d0
[ 33.110410] ? __pfx_kthread+0x10/0x10
[ 33.110581] ret_from_fork+0x29/0x50
[ 33.110757] </TASK>
[ 33.110866] irq event stamp: 1651
[ 33.111017] hardirqs last enabled at (1659): [<ffffffffa206a209>] __up_console_sem+0x79/0xa0
[ 33.111379] hardirqs last disabled at (1666): [<ffffffffa206a1ee>] __up_console_sem+0x5e/0xa0
[ 33.111740] softirqs last enabled at (1616): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0
[ 33.112094] softirqs last disabled at (1367): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0
[ 33.112453] ---[ end trace 0000000000000000 ]---
This is due to nft_chain_lookup_byid ignoring the genmask. After this change, adding the new rule will fail as it will not find the chain.
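A simplified user-space model of the lookup described above, added here as an illustration and not taken from the kernel source or the fix commit. The struct layout, the two-generation mask helpers and the function names (`lookup_byid`, `rule_binds`, `batch_new_chain`, `batch_del_chain`) are assumptions made for the sketch; it shows why an ID-only match returns a chain deleted earlier in the same batch, and how checking the next-generation mask rejects it.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code: genmask bit N set = inactive in generation N. */
struct chain { uint32_t id; uint8_t genmask; };
static unsigned gencursor;                 /* current generation, 0 or 1 */
static uint8_t genmask_cur(void)  { return (uint8_t)(1u << gencursor); }
static uint8_t genmask_next(void) { return (uint8_t)(1u << !gencursor); }
static struct chain *pending[4];           /* chains created in this batch */
static size_t npending;

static void batch_new_chain(struct chain *c, uint32_t id)
{
    c->id = id;
    c->genmask = genmask_cur();            /* hidden now, live after commit */
    pending[npending++] = c;
}

static void batch_del_chain(struct chain *c) { c->genmask = genmask_next(); }

/* check_genmask = 0 models the lookup before the fix, 1 the lookup after it. */
static struct chain *lookup_byid(uint32_t id, int check_genmask)
{
    for (size_t i = 0; i < npending; i++) {
        struct chain *c = pending[i];
        if (c->id == id && !(check_genmask && (c->genmask & genmask_next())))
            return c;
    }
    return NULL;
}

/* Constructed batch: create chain 7, optionally delete it, then look it up. */
static int rule_binds(int delete_first, int check_genmask)
{
    static struct chain c;
    npending = 0;
    batch_new_chain(&c, 7);
    if (delete_first)
        batch_del_chain(&c);
    return lookup_byid(7, check_genmask) != NULL;
}

int main(void)
{
    printf("before fix, deleted chain found: %d\n", rule_binds(1, 0));
    printf("after fix,  deleted chain found: %d\n", rule_binds(1, 1));
    printf("after fix,  live chain found:    %d\n", rule_binds(0, 1));
    return 0;
}
```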