CVE-2023-52433
MEDIUMLinux Kernel 6.5-6.5.3 - Use-After-Free in nft_set_rbtree Transaction Handling
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element.
References (8)
Core 8
Core References
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240828-0003/
Scores
CVSS v3
4.4
EPSS
0.0002
EPSS Percentile
7.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-273
Status
published
Products (16)
Linux/Linux
< 6.5
Linux/Linux
146c76866795553dbc19998f36718d7986ad302b - c323ed65f66e5387ee0a73452118d49f1dae81b8
Linux/Linux
479a2cf5259347d6a1f658b0f791d27a34908e91 - 9af7dfb3c9d7985172a240f85e684c5cd33e29ce
Linux/Linux
6.4.11 - 6.5
Linux/Linux
6.5
Linux/Linux
6.5.4 - 6.5.*
Linux/Linux
6.6
Linux/Linux
c357648929c8dff891502349769aafb8f0452bc2 - 03caf75da1059f0460666c826e9f50e13dfd0017
Linux/Linux
cb4d00b563675ba8ff6ef94b077f58d816f68ba3 - 9db9feb841f7449772f9393c16b9ef4536d8c127
Linux/Linux
df650d6a4bf47248261b61ef6b174d7c54034d15 - 9a8c544158f68f656d1734eb5ba00c4f817b76b1
... and 6 more
Published
Feb 20, 2024
Tracked Since
Feb 18, 2026