CVE-2023-53635

EPSS 0.02%
Veröffentlicht 07.10.2025 15:19:36
Zuletzt bearbeitet 07.10.2025 16:15:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: fix wrong ct->timeout value

(struct nf_conn)->timeout is an interval before the conntrack
confirmed.  After confirmed, it becomes a timestamp.

It is observed that timeout of an unconfirmed conntrack:
- Set by calling ctnetlink_change_timeout(). As a result,
  `nfct_time_stamp` was wrongly added to `ct->timeout` twice.
- Get by calling ctnetlink_dump_timeout(). As a result,
  `nfct_time_stamp` was wrongly subtracted.

Call Trace:
 <TASK>
 dump_stack_lvl
 ctnetlink_dump_timeout
 __ctnetlink_glue_build
 ctnetlink_glue_build
 __nfqnl_enqueue_packet
 nf_queue
 nf_hook_slow
 ip_mc_output
 ? __pfx_ip_finish_output
 ip_send_skb
 ? __pfx_dst_output
 udp_send_skb
 udp_sendmsg
 ? __pfx_ip_generic_getfrag
 sock_sendmsg

Separate the 2 cases in:
- Setting `ct->timeout` in __nf_ct_set_timeout().
- Getting `ct->timeout` in ctnetlink_dump_timeout().

Pablo appends:

Update ctnetlink to set up the timeout _after_ the IPS_CONFIRMED flag is
set on, otherwise conntrack creation via ctnetlink breaks.

Note that the problem described in this patch occurs since the
introduction of the nfnetlink_queue conntrack support, select a
sufficiently old Fixes: tag for -stable kernel to pick up this fix.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 80c5ba0078e20d926d11d0778f9a43902664ebf0

Version a4b4766c3cebb4018167e06b863d8e95b7274757

Status affected

Version < ff5e4ac8dd7be7f1faba955c5779a68571eeb0f8

Version a4b4766c3cebb4018167e06b863d8e95b7274757

Status affected

Version < f612ae1ab4793701caf39386fb3b7f4b3ef44e48

Version a4b4766c3cebb4018167e06b863d8e95b7274757

Status affected

Version < 73db1b8f2bb6725b7391e85aab41fdf592b3c0c1

Version a4b4766c3cebb4018167e06b863d8e95b7274757

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.4

Status affected

Version < 4.4

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.28

Status unaffected

Version <= 6.2.*

Version 6.2.15

Status unaffected

Version <= 6.3.*

Version 6.3.2

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/80c5ba0078e20d926d11d0778f9a43902664ebf0

https://git.kernel.org/stable/c/ff5e4ac8dd7be7f1faba955c5779a68571eeb0f8

https://git.kernel.org/stable/c/f612ae1ab4793701caf39386fb3b7f4b3ef44e48

https://git.kernel.org/stable/c/73db1b8f2bb6725b7391e85aab41fdf592b3c0c1

https://nvd.nist.gov/vuln/detail/CVE-2023-53635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53635

EUVD