CVE-2023-53566 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem(): general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] nft_add_set_elem+0x14b0/0x2990 nf_tables_newsetelem+0x528/0xb30 Furthermore, there is a possible use-a…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel5.10.166 — 5.10.181+5

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux7ab87a326f20c52ff4d9972052d085be951c704b — b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56+7

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-pcw3-hvmm-479h: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guara↗2025-10-04

▶

OSV

CVE-2023-53566: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix null deref on element insertion There is no guarant↗2025-10-04

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: nft_set_rbtree: fix null deref on element insertion↗2025-10-04

▶

Debian

CVE-2023-53566: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...↗2023

▶