CVE-2023-52927Use After Free in Linux

CWE-416Use After FreeCWE-20Improper Input Validation51 documents8 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.9OSV5.5
EPSS
0.0%
top 87.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedMar 14
Latest updateJul 16

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel5.186.1.130+1
Debianlinux/linux_kernel< 6.1.133-1+2
Ubuntulinux/linux_kernel< 5.4.0-215.235+2
CVEListV5linux/linux1bc91a5ddf3eaea0e0ea957cccf3abdcfcace00e3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec+2
debiandebian/linux< linux 6.1.133-1 (bookworm)

Also affects: Debian Linux 11.0

🔴Vulnerability Details

24
OSV
linux-iot vulnerabilities2025-07-16
OSV
linux-xilinx-zynqmp vulnerabilities2025-06-26
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-bluefield vulnerabilities2025-05-26

📋Vendor Advisories

26
Ubuntu
Linux kernel (IoT) vulnerabilities2025-07-16
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-06-26
CISA ICS
Siemens SIMATIC S7-1500 CPU Family2025-06-12
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28