CVE-2023-53635

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue was identified in the Linux kernel related to the netfilter conntrack functionality. The problem involves an incorrect timeout value for connection tracking entries (ct->timeout). Specifically, the timeout calculation was flawed for unconfirmed conntrack entries, leading to errors when setting and retrieving the timeout value. The issue stems from incorrectly adding or subtracting nfct time stamp during timeout management. The fix involves separating the timeout setting and getting processes and ensuring the timeout is set up after the IPS CONFIRMED flag is set.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.