CVE-2023-53566

04.10.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: fix null deref on element insertion

There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():

general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
 nft_add_set_elem+0x14b0/0x2990
  nf_tables_newsetelem+0x528/0xb30

Furthermore, there is a possible use-after-free while iterating,
'node' can be free'd so we need to cache the next value to use.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.9-1 fixed
sid	6.16.9-1 fixed

References

https://git.kernel.org/stable/c/3fa13203b6d90cc3a33af47b058739f92ab82eef

https://git.kernel.org/stable/c/61ae320a29b0540c16931816299eb86bf2b66c08

https://git.kernel.org/stable/c/899aa5638568abf5d69de7a7bb95e4615157375b

https://git.kernel.org/stable/c/a337706c1fb35aac3f26b48aca80421bdbe1d33a

https://git.kernel.org/stable/c/a836be60a3aabcedcd9c79f545d409ace1f20ba6

https://git.kernel.org/stable/c/b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56

https://git.kernel.org/stable/c/ec5caa765f7f6960011c919c9aeb1467940421f6