Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.
Exploits (2)
nomisec
WORKING POC
1 stars
by HoangNhoo · poc
https://github.com/HoangNhoo/Reproduce-CVE-2023-52927
References (4)
Core 4
Core References
Exploit, Technical Description
https://seadragnol.github.io/posts/CVE-2023-52927/
Issue Tracking, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Scores
CVSS v3
7.8
EPSS
0.0002
EPSS Percentile
6.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (2)
debian/debian_linux
11.0
linux/linux_kernel
5.18 - 6.1.130
Published
Mar 14, 2025
Tracked Since
Feb 18, 2026