{"id":"CVE-2023-53304","summary":"netfilter: nft_set_rbtree: fix overlap expiration walk","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix overlap expiration walk\n\nThe lazy gc on insert that should remove timed-out entries fails to release\nthe other half of the interval, if any.\n\nCan be reproduced with tests/shell/testcases/sets/0044interval_overlap_0\nin nftables.git and kmemleak enabled kernel.\n\nSecond bug is the use of rbe_prev vs. prev pointer.\nIf rbe_prev() returns NULL after at least one iteration, rbe_prev points\nto element that is not an end interval, hence it should not be removed.\n\nLastly, check the genmask of the end interval if this is active in the\ncurrent generation.","modified":"2026-04-11T12:46:44.854178Z","published":"2025-09-16T16:11:44.147Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03613-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53304.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/50cbb9d195c197af671869c8cadce3bd483735a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8284a79136c384059e85e278da2210b809730287"},{"type":"WEB","url":"https://git.kernel.org/stable/c/893cb3c3513cf661a0ff45fe0cfa83fe27131f76"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89a4d1a89751a0fbd520e64091873e19cc0979e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/acaee227cf79c45a5d2d49c3e9a66333a462802c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd66733932399475fe933cb3ec03e687ed401462"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f718863aca469a109895cb855e6b81fff4827d71"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53304.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53304"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7ab87a326f20c52ff4d9972052d085be951c704b"},{"fixed":"8284a79136c384059e85e278da2210b809730287"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"181859bdfb9734aca449512fccaee4cacce64aed"},{"fixed":"acaee227cf79c45a5d2d49c3e9a66333a462802c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4aacf3d78424293e318c616016865380b37b9cc5"},{"fixed":"893cb3c3513cf661a0ff45fe0cfa83fe27131f76"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2bf1435fa19d2c58054391b3bba40d5510a5758c"},{"fixed":"50cbb9d195c197af671869c8cadce3bd483735a0"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"318cb24a4c3fce8140afaf84e4d45fcb76fb280b"},{"fixed":"89a4d1a89751a0fbd520e64091873e19cc0979e8"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643"},{"fixed":"cd66733932399475fe933cb3ec03e687ed401462"},{"fixed":"f718863aca469a109895cb855e6b81fff4827d71"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53304.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.190"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.124"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53304.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}