{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T16:12:29.840","vulnerabilities":[{"cve":{"id":"CVE-2023-54243","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-30T13:16:12.880","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ebtables: fix table blob use-after-free\n\nWe are not allowed to return an error at this point.\nLooking at the code it looks like ret is always 0 at this\npoint, but its not.\n\nt = find_table_lock(net, repl->name, &ret, &ebt_mutex);\n\n... this can return a valid table, with ret != 0.\n\nThis bug causes update of table->private with the new\nblob, but then frees the blob right away in the caller.\n\nSyzbot report:\n\nBUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\nRead of size 4 at addr ffffc90005425000 by task kworker/u4:4/74\nWorkqueue: netns cleanup_net\nCall Trace:\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:517\n __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\n ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1372\n ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169\n cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:613\n...\n\nip(6)tables appears to be ok (ret should be 0 at this point) but make\nthis more obvious."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnetfilter: ebtables: corregir uso después de liberación de blob de tabla\n\nNo se nos permite devolver un error en este punto.\nAl mirar el código parece que ret siempre es 0 en este\npunto, pero no lo es.\n\nt = find_table_lock(net, repl->name, &ret, &ebt_mutex);\n\n... esto puede devolver una tabla válida, con ret != 0.\n\nEste error causa la actualización de table->private con el nuevo\nblob, pero luego libera el blob inmediatamente en el llamador.\n\nInforme de Syzbot:\n\nERROR: KASAN: vmalloc-fuera-de-límites en __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\nLectura de tamaño 4 en la dirección ffffc90005425000 por la tarea kworker/u4:4/74\nCola de trabajo: netns cleanup_net\nTraza de llamada:\n kasan_report+0xbf/0x1f0 mm/kasan/report.c:517\n __ebt_unregister_table+0xc00/0xcd0 net/bridge/netfilter/ebtables.c:1168\n ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1372\n ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169\n cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:613\n...\n\nip(6)tables parece estar bien (ret debería ser 0 en este punto) pero hacer\nesto más obvio."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/3dd6ac973351308d4117eda32298a9f1d68764fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9060abce3305ab2354c892c09d5689df51486df5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cda0e0243bd3c04008fcd37a46b0269fb3c49249","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dbb3cbbf03b3c52cb390fabec357f1e4638004f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e58a171d35e32e6e8c37cfe0e8a94406732a331f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}