fkie_cve-2023-53200
Vulnerability from fkie_nvd
Published
2025-09-15 15:15
Modified
2025-09-15 15:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix percpu counter block leak on error path when creating new netns Here is the stack where we allocate percpu counter block: +-< __alloc_percpu +-< xt_percpu_counter_alloc +-< find_check_entry # {arp,ip,ip6}_tables.c +-< translate_table And it can be leaked on this code path: +-> ip6t_register_table +-> translate_table # allocates percpu counter block +-> xt_register_table # fails there is no freeing of the counter block on xt_register_table fail. Note: xt_percpu_counter_free should be called to free it like we do in do_replace through cleanup_entry helper (or in __ip6t_unregister_table). Probability of hitting this error path is low AFAICS (xt_register_table can only return ENOMEM here, as it is not replacing anything, as we are creating new netns, and it is hard to imagine that all previous allocations succeeded and after that one in xt_register_table failed). But it's worth fixing even the rare leak.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n  +-\u003c __alloc_percpu\n    +-\u003c xt_percpu_counter_alloc\n      +-\u003c find_check_entry # {arp,ip,ip6}_tables.c\n        +-\u003c translate_table\n\nAnd it can be leaked on this code path:\n\n  +-\u003e ip6t_register_table\n    +-\u003e translate_table # allocates percpu counter block\n    +-\u003e xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it\u0027s worth fixing even the rare leak."
    }
  ],
  "id": "CVE-2023-53200",
  "lastModified": "2025-09-15T15:22:27.090",
  "metrics": {},
  "published": "2025-09-15T15:15:46.400",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.