CVE-2023-53304
netfilter: nft_set_rbtree: fix overlap expiration walk
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: fix overlap expiration walk
The lazy gc on insert that should remove timed-out entries fails to release
the other half of the interval, if any.
Can be reproduced with tests/shell/testcases/sets/0044interval_overlap_0
in nftables.git and kmemleak enabled kernel.
Second bug is the use of rbe_prev vs. prev pointer.
If rbe_prev() returns NULL after at least one iteration, rbe_prev points
to element that is not an end interval, hence it should not be removed.
Lastly, check the genmask of the end interval if this is active in the
current generation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/50cbb9d195c197af671869c8cadce3bd483735a0https://git.kernel.org/stable/c/8284a79136c384059e85e278da2210b809730287https://git.kernel.org/stable/c/893cb3c3513cf661a0ff45fe0cfa83fe27131f76https://git.kernel.org/stable/c/89a4d1a89751a0fbd520e64091873e19cc0979e8https://git.kernel.org/stable/c/acaee227cf79c45a5d2d49c3e9a66333a462802chttps://git.kernel.org/stable/c/cd66733932399475fe933cb3ec03e687ed401462https://git.kernel.org/stable/c/f718863aca469a109895cb855e6b81fff4827d71