CVE-2023-53179 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 96.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. This patch adds back the IP_SET_HASH_WITH_NET0 macro to ip_set_hash_netportnet to address the issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel4.4.165 — 4.5+10

▶Debianlinux/linux_kernel< 5.10.197-1+3

▶CVEListV5linux/linux0d5d0b5c41f766355f2b42c47d13ea001f754c7d — 7935b636dd693dfe4483cfef4a1e91366c8103fa+11

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2023-53179: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netp↗2025-09-15

▶

GHSA

GHSA-95q3-rgv7-prpr: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_net↗2025-09-15

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c↗2025-09-15

▶

Debian

CVE-2023-53179: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...↗2023

▶