CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: fix memleak when more than 255 elements expired
The Linux kernel CVE team has assigned CVE-2023-52581 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52581-2165@gregkh/T/#u
Other sources
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: fix memleak when more than 255 elements expired
When more than 255 elements expired we're supposed to switch to a new gc container structure.
This never happens: u8 type will wrap before reaching the boundary and nfttransgcspace() always returns true.
This means we recycle the initial gc container structure and lose track of the elements that came before.
While at it, don't deref 'gc' after we've passed it to callrcu.
— NVD
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52581?
CVE-2023-52581 has a severity rating of medium due to the potential for memory leaks in the Linux kernel's netfilter functionality.
How do I fix CVE-2023-52581?
To fix CVE-2023-52581, upgrade your Linux kernel to version 6.5.6 or later, or to version 6.6.
What systems are affected by CVE-2023-52581?
CVE-2023-52581 affects systems running vulnerable versions of the Linux kernel prior to 6.5.6 and 6.6.
What is the nature of the issue described in CVE-2023-52581?
CVE-2023-52581 involves a memory leak issue when more than 255 elements expire in the netfilter subsystem of the Linux kernel.
Is CVE-2023-52581 being actively exploited?
As of now, there are no reports indicating that CVE-2023-52581 is being actively exploited in the wild.