{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T06:16:35.470","vulnerabilities":[{"cve":{"id":"CVE-2023-52924","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-05T10:15:21.073","lastModified":"2025-10-15T20:04:35.060","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don't skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain->use count for all elements\n   from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n   (or another walk to do a chain->use increment for all elements from\n    abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon't have been changed.\n\nThen, when set is culled, ->destroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no omitir elementos expirados durante el recorrido hay una asimetría entre la fase de confirmación/aborto y la de preparación si se cumplen las siguientes 
condiciones: 1. el conjunto es un mapa de veredicto (\"1.2.3.4: saltar foo\") 2. los tiempos de espera están habilitados en este caso, la siguiente secuencia es problemática: 1. el elemento E en el conjunto S se refiere a la cadena C 2. el espacio de usuario solicita la eliminación del conjunto S 3. el kernel realiza un recorrido de conjuntos para decrementar el recuento de cadena->uso para todos los elementos de la fase de preparación 4. el kernel realiza otro recorrido de conjuntos para eliminar elementos de la fase de confirmación (u otro recorrido para hacer un incremento de cadena->uso para todos los elementos de la fase de aborto) Si E ya expiró en 1), se ignorará durante el recorrido de lista, por lo que su recuento de uso no se habrá modificado. Luego, cuando se elimina el conjunto, la devolución de llamada ->destroy eliminará el elemento a través de nf_tables_set_elem_destroy(), pero esta función solo es segura para los elementos que se han desactivado antes de la fase de preparación: la falta de una desactivación anterior elimina el elemento pero filtra el recuento de uso de la cadena, lo que da como resultado un splat WARN cuando la cadena se elimina más tarde, además de una fuga de la estructura nft_chain. 
Actualice pipapo_get() para no omitir los elementos vencidos, de lo contrario, el comando flush informa errores ENOENT falsos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"4.19.316","matchCriteriaId":"438A8F19-DCB5-461B-9968-D63B845789C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.262","matchCriteriaId":"28B0AAED-45BA-4928-9A85-66A429B9F038"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.198","matchCriteriaId":"66D916C3-4087-44FF-9CD9-D2826BCC9E3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.134","matchCriteriaId":"346A7B1E-5048-460C-9640-5EFA2075158B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.56","matchCriteriaId":"5EA89569-DD45-4A69-BB4D-8356FA9386BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.4.11","matchCriteriaId":"C36FD9E6-B6D7-4887-8F08-C1F64E139D5C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:
linux_kernel:6.5:rc1:*:*:*:*:*:*","matchCriteriaId":"0B3E6E4D-E24E-4630-B00C-8C9901C597B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*","matchCriteriaId":"E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*","matchCriteriaId":"F5608371-157A-4318-8A2E-4104C3467EA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*","matchCriteriaId":"2226A776-DF8C-49E0-A030-0A7853BB018A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*","matchCriteriaId":"6F15C659-DF06-455A-9765-0E6DE920F29A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1da4874d05da1526b11b82fc7f3c7ac38749ddf8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24138933b97b055d486e8064b4a1721702442a9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/59dab3bf0b8fc08eb802721c0532f13dd89209b8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c7e658a36f8b1522bd3586d8137e5f93a25ddc5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94313a196b44184b5b52c1876da6a537701b425a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b15ea4017af82011dd55225ce77cce3d4dfc169c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bd156ce9553dcaf2d6ee2c825d1a5a1718e86524","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}