PT-2025-41063 · Linux+3 · Linux Kernel+3

Published

2025-10-07

Updated

2026-02-05

CVE-2023-53619

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the netfilter component, specifically in the conntrack functionality. A use-after-free condition can occur if nf conntrack init start() fails, such as due to a register nf conntrack bpf() failure, leading to the nf ct helper hash map being freed by the nf conntrack helper fini() cleanup path. Subsequently, if netfilter modules (e.g., netfilter conntrack ftp) are loaded with NF CONNTRACK=y, they may call nf conntrack helpers register(), accessing a dangling pointer in nf ct helper hash. This can result in memory corruption. The issue is addressed by preventing nf conntrack helper register() from accessing a freed or uninitialized nf ct helper hash pointer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2023-53619

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4111-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4135-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4188-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4301-1

SUSE-SU-2025:4320-1

Affected Products

Linux Kernel

Suse

Netfilter

Netfilter Ip Conntrack

PT-2025-41063 · Linux+3 · Linux Kernel+3

CVE-2023-53619

Weakness Enumeration

Related Identifiers

Affected Products

References · 1398