ghsa-6474-wrgg-8qcw
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: deactivate anonymous set from preparation phase
[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]
Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any update on it. Clear the generation bitmask in case the transaction is aborted.
The following KASAN splat shows a set element deletion for a bound anonymous set that has been already removed in the same transaction.
[ 64.921510] ================================================================== [ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.924745] Write of size 8 at addr dead000000000122 by task test/890 [ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253 [ 64.931120] Call Trace: [ 64.932699] [ 64.934292] dump_stack_lvl+0x33/0x50 [ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.937551] kasan_report+0xda/0x120 [ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables] [ 64.942452] ? __kasan_slab_alloc+0x2d/0x60 [ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables] [ 64.945710] ? kasan_set_track+0x21/0x30 [ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink] [ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
{
"affected": [],
"aliases": [
"CVE-2023-53701"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T14:15:44Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: deactivate anonymous set from preparation phase\n\n[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]\n\nToggle deleted anonymous sets as inactive in the next generation, so\nusers cannot perform any update on it. Clear the generation bitmask\nin case the transaction is aborted.\n\nThe following KASAN splat shows a set element deletion for a bound\nanonymous set that has been already removed in the same transaction.\n\n[ 64.921510] ==================================================================\n[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890\n[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253\n[ 64.931120] Call Trace:\n[ 64.932699] \u003cTASK\u003e\n[ 64.934292] dump_stack_lvl+0x33/0x50\n[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.937551] kasan_report+0xda/0x120\n[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]\n[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60\n[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]\n[ 64.945710] ? kasan_set_track+0x21/0x30\n[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]\n[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]",
"id": "GHSA-6474-wrgg-8qcw",
"modified": "2025-10-22T15:31:10Z",
"published": "2025-10-22T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53701"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86572872505023e3bb461b271c2f25fdaa3dfcd7"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.