{"id":"CVE-2023-53566","summary":"netfilter: nft_set_rbtree: fix null deref on element insertion","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix null deref on element insertion\n\nThere is no guarantee that rb_prev() will not return NULL in nft_rbtree_gc_elem():\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n nft_add_set_elem+0x14b0/0x2990\n  nf_tables_newsetelem+0x528/0xb30\n\nFurthermore, there is a possible use-after-free while iterating,\n'node' can be free'd so we need to cache the next value to use.","modified":"2026-04-11T12:46:49.823245Z","published":"2025-10-04T15:17:08.598Z","related":["SUSE-SU-2025:4111-1","SUSE-SU-2025:4135-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4188-1","SUSE-SU-2025:4320-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53566.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3fa13203b6d90cc3a33af47b058739f92ab82eef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61ae320a29b0540c16931816299eb86bf2b66c08"},{"type":"WEB","url":"https://git.kernel.org/stable/c/899aa5638568abf5d69de7a7bb95e4615157375b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a337706c1fb35aac3f26b48aca80421bdbe1d33a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a836be60a3aabcedcd9c79f545d409ace1f20ba6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec5caa765f7f6960011c919c9aeb1467940421f6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53566.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53566"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7ab87a326f20c52ff4d9972052d085be951c704b"},{"fixed":"b76db53ee8802ee5683f8cb401d7e2ec6f9b3d56"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"181859bdfb9734aca449512fccaee4cacce64aed"},{"fixed":"899aa5638568abf5d69de7a7bb95e4615157375b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4aacf3d78424293e318c616016865380b37b9cc5"},{"fixed":"3fa13203b6d90cc3a33af47b058739f92ab82eef"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2bf1435fa19d2c58054391b3bba40d5510a5758c"},{"fixed":"ec5caa765f7f6960011c919c9aeb1467940421f6"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"318cb24a4c3fce8140afaf84e4d45fcb76fb280b"},{"fixed":"a836be60a3aabcedcd9c79f545d409ace1f20ba6"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643"},{"fixed":"a337706c1fb35aac3f26b48aca80421bdbe1d33a"},{"fixed":"61ae320a29b0540c16931816299eb86bf2b66c08"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53566.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.181"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.113"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.3.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53566.json"}}],"schema_version":"1.7.5"}