{
"threat_severity" : "Low",
"public_date" : "2025-10-01T00:00:00Z",
"bugzilla" : {
"description" : "kernel: netfilter: nf_tables: do not ignore genmask when looking up chain by id",
"id" : "2400758",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400758"
},
"cvss3" : {
"cvss3_base_score" : "3.0",
"cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
"status" : "verified"
},
"cwe" : "CWE-763",
"details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: do not ignore genmask when looking up chain by id\nWhen adding a rule to a chain referring to its ID, if that chain had been\ndeleted on the same batch, the rule might end up referring to a deleted\nchain.\nThis will lead to a WARNING like following:\n[ 33.098431] ------------[ cut here ]------------\n[ 33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260\n[ 33.099217] Modules linked in:\n[ 33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409\n[ 33.099726] Workqueue: events nf_tables_trans_destroy_work\n[ 33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260\n[ 33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7\n[ 33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202\n[ 33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000\n[ 33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000\n[ 33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500\n[ 33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10\n[ 33.103762] FS: 0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000\n[ 33.104184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0\n[ 33.104872] PKRU: 55555554\n[ 33.104999] Call Trace:\n[ 33.105113] \n[ 33.105214] ? show_regs+0x72/0x90\n[ 33.105371] ? __warn+0xa5/0x210\n[ 33.105520] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.105732] ? report_bug+0x1f2/0x200\n[ 33.105902] ? handle_bug+0x46/0x90\n[ 33.106546] ? exc_invalid_op+0x19/0x50\n[ 33.106762] ? asm_exc_invalid_op+0x1b/0x20\n[ 33.106995] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.107249] ? nf_tables_chain_destroy+0x30/0x260\n[ 33.107506] nf_tables_trans_destroy_work+0x669/0x680\n[ 33.107782] ? mark_held_locks+0x28/0xa0\n[ 33.107996] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10\n[ 33.108294] ? _raw_spin_unlock_irq+0x28/0x70\n[ 33.108538] process_one_work+0x68c/0xb70\n[ 33.108755] ? lock_acquire+0x17f/0x420\n[ 33.108977] ? __pfx_process_one_work+0x10/0x10\n[ 33.109218] ? do_raw_spin_lock+0x128/0x1d0\n[ 33.109435] ? _raw_spin_lock_irq+0x71/0x80\n[ 33.109634] worker_thread+0x2bd/0x700\n[ 33.109817] ? __pfx_worker_thread+0x10/0x10\n[ 33.110254] kthread+0x18b/0x1d0\n[ 33.110410] ? __pfx_kthread+0x10/0x10\n[ 33.110581] ret_from_fork+0x29/0x50\n[ 33.110757] \n[ 33.110866] irq event stamp: 1651\n[ 33.111017] hardirqs last enabled at (1659): [] __up_console_sem+0x79/0xa0\n[ 33.111379] hardirqs last disabled at (1666): [] __up_console_sem+0x5e/0xa0\n[ 33.111740] softirqs last enabled at (1616): [] __irq_exit_rcu+0x9e/0xe0\n[ 33.112094] softirqs last disabled at (1367): [] __irq_exit_rcu+0x9e/0xe0\n[ 33.112453] ---[ end trace 0000000000000000 ]---\nThis is due to the nft_chain_lookup_byid ignoring the genmask. After this\nchange, adding the new rule will fail as it will not find the chain." ],
"affected_release" : [ {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2023-11-07T00:00:00Z",
"advisory" : "RHSA-2023:6583",
"cpe" : "cpe:/a:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-362.8.1.el9_3"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2023-11-07T00:00:00Z",
"advisory" : "RHSA-2023:6583",
"cpe" : "cpe:/o:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-362.8.1.el9_3"
}, {
"product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
"release_date" : "2023-10-10T00:00:00Z",
"advisory" : "RHSA-2023:5604",
"cpe" : "cpe:/a:redhat:rhel_eus:9.0",
"package" : "kernel-0:5.14.0-70.75.1.el9_0"
} ],
"package_state" : [ {
"product_name" : "Red Hat Enterprise Linux 10",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:10"
}, {
"product_name" : "Red Hat Enterprise Linux 6",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:6"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Not affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"fix_state" : "Fix deferred",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:9"
} ],
"references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53492\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53492\nhttps://lore.kernel.org/linux-cve-announce/2025100124-CVE-2023-53492-18fd@gregkh/T" ],
"name" : "CVE-2023-53492",
"csaw" : false
}