{"id":"CVE-2023-54035","summary":"netfilter: nf_tables: fix underflow in chain reference counter","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix underflow in chain reference counter\n\nSet element addition error path decrements reference counter on chains\ntwice: once on element release and again via nft_data_release().\n\nThen, d6b478666ffa (\"netfilter: nf_tables: fix underflow in object\nreference counter\") incorrectly fixed this by removing the stateful\nobject reference count decrement.\n\nRestore the stateful object decrement as in b91d90368837 (\"netfilter:\nnf_tables: fix leaking object reference count\") and let\nnft_data_release() decrement the chain reference counter, so this is\ndone only once.","modified":"2026-03-31T17:29:41.134339468Z","published":"2025-12-24T10:56:02.358Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54035.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9c959671abc7d4ffdf34eed10c64492d43cb6a3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b068314fd8ce751a7f906e55bb90f3551815f1a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b389139f12f287b8ed2e2628b72df89a081f0b59"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54035.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54035"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"35651fde1a7bb54dde0a46d35cd0d7136869ae86"},{"fixed":"b068314fd8ce751a7f906e55bb90f3551815f1a0"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"628bd3e49cba1c066228e23d71a852c23e26da73"},{"fixed":"9c959671abc7d4ffdf34eed10c64492d43cb6a3c"},{"fixed":"b389139f12f287b8ed2e2628b72df89a081f0b59"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"bc9f791d2593f17e39f87c6e2b3a36549a3705b1"},{"last_affected":"3c7ec098e3b588434a8b07ea9b5b36f04cef1f50"},{"last_affected":"a136b7942ad2a50de708f76ea299ccb45ac7a7f9"},{"last_affected":"25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8"},{"last_affected":"d60be2da67d172aecf866302c91ea11533eca4d9"},{"last_affected":"dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54035.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.4.0"},{"fixed":"6.4.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54035.json"}}],"schema_version":"1.7.5"}