PT-2025-40199 · Linux+2 · Linux Kernel+2

Published 2023-07-05 · Updated 2025-11-19 · CVE-2023-53492

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.4.0

Description

A flaw exists in the Linux kernel's netfilter module, specifically within the nf_tables subsystem. The issue arises because the nft_chain_lookup_byid function does not properly consider the genmask when searching for a chain by its ID. This can lead to a situation where a rule is added to a chain that has already been deleted, resulting in a warning message and potential instability. The issue occurs when adding a rule to a chain referencing its ID, if that chain was deleted in the same batch.

Recommendations

Update to version 6.4.0 or later to address this issue.
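
The lookup behaviour described above, as a simplified user-space model added for illustration; it is not kernel source and not code from this advisory. The struct layout, the function names and the two-bit generation mask are assumptions made for the example, and the sample batch is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model assumption: a set bit in genmask means "inactive in that generation". */
#define GEN_CUR  0x1u  /* generation currently in force */
#define GEN_NEXT 0x2u  /* generation the pending batch will commit */

struct chain { uint32_t id; uint8_t genmask; };
struct trans { int is_newchain; struct chain *chain; };  /* one batch entry */

static int chain_active(const struct chain *c, uint8_t genmask)
{
    return (c->genmask & genmask) == 0;
}

/* Lookup by ID over the pending batch. With check_gen == 0 it matches on
 * the ID alone (the flawed behaviour); with check_gen == 1 it also requires
 * the chain to be active in the requested generation. */
static struct chain *lookup_byid(struct trans *log, size_t n, uint32_t id,
                                 uint8_t genmask, int check_gen)
{
    for (size_t i = 0; i < n; i++) {
        struct chain *c = log[i].chain;
        if (!log[i].is_newchain || c->id != id)
            continue;
        if (check_gen && !chain_active(c, genmask))
            continue;  /* chain was deleted earlier in this batch */
        return c;
    }
    return NULL;
}

/* Constructed batch: create chain ID 7, optionally delete it in the same
 * batch, then resolve ID 7 for a new rule. Returns 1 if a chain is found. */
static int chain_resolved(int deleted_in_batch, int check_gen)
{
    struct chain c = { .id = 7, .genmask = GEN_CUR };  /* new: live only in next gen */
    struct trans log[] = { { 1, &c }, { 0, &c } };     /* new chain, then delete entry */
    if (deleted_in_batch)
        c.genmask |= GEN_NEXT;                         /* inactive in next gen too */
    return lookup_byid(log, 2, 7, GEN_NEXT, check_gen) != NULL;
}

int main(void)
{
    printf("deleted chain, ID-only lookup:  %d\n", chain_resolved(1, 0));
    printf("deleted chain, genmask checked: %d\n", chain_resolved(1, 1));
    printf("live chain, genmask checked:    %d\n", chain_resolved(0, 1));
    return 0;
}
```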

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2025-16258
CVE-2023-53492
RHSA-2023:5604
RHSA-2023:6583
RHSA-2023_6583
SUSE-SU-2025:03600-1
SUSE-SU-2025:03613-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Linux Kernel
Red Hat
Suse