CVE-2023-52923

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the netfilter: nf tables component in the Linux kernel, where the set backend has been adapted to use the GC transaction API. This change replaces the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore; instead, the DEAD bit is set so the set element is not visible from the lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. The rbtree and pipapo set backends do not set the DEAD bit from the sync GC path since this runs in the control plane path where the mutex is held. In this case, set elements are deactivated, removed, and then released via RCU callback, and sync GC never fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.