CVE-2023-52925

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue concerns the Linux kernel's netfilter component, specifically the nf tables subsystem. It has been observed that insertion operations should ignore duplicate but expired entries. Additionally, there is an asymmetry in the nft pipapo activate function, where it refetches the current element, unlike other ->activate callbacks that use elem->priv. The same issue is present in the .remove function, where nft pipapo remove fetches elem->priv and then performs a relookup, which should be removed. The pipapo get() helper is used for normal get requests, insertions, and deactivate callbacks, and it has been noted that skipping expired elements in this context does not make sense. The nftables selftests have failed, indicating an issue with the current implementation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.