CVE-2023-53549

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the netfilter component of the Linux kernel related to ipset handling. Specifically, when adding or deleting a large number of elements to an ipset in a single operation, it can lead to soft lockup errors due to prolonged task execution. A previous attempt to mitigate this by limiting the maximum number of elements processed was insufficient. The current resolution involves saving the state of the operation, unlocking and locking as needed, and proceeding from the saved state to avoid long continuous tasks while removing the limit on the number of elements processed in one step. The nfnl mutex is held throughout the operation, preventing parallel ipset commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.