CVE-2023-54200

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's netfilter component, specifically within the nf tables subsystem. The issue involves the improper handling of network device (netdev) hooks during network namespace (netns) removal. A regression was introduced that could lead to a use-after-free condition when a virtual ethernet (veth) device is released, potentially triggering a kernel bug. This occurs when a veth device's release callback queues the peer netns device for removal, and that peer netns is also slated for removal. The device memory may be released before the pre-exit hook of the peer netns runs, leading to a crash. The issue was addressed by reverting a previous change.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.