fkie_cve-2023-53619
Vulnerability from fkie_nvd
Published
2025-10-07 16:15
Modified
2025-10-08 19:38
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free If nf_conntrack_init_start() fails (for example due to a register_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini() clean-up path frees the nf_ct_helper_hash map. When built with NF_CONNTRACK=y, further netfilter modules (e.g: netfilter_conntrack_ftp) can still be loaded and call nf_conntrack_helpers_register(), independently of whether nf_conntrack initialized correctly. This accesses the nf_ct_helper_hash dangling pointer and causes a uaf, possibly leading to random memory corruption. This patch guards nf_conntrack_helper_register() from accessing a freed or uninitialized nf_ct_helper_hash pointer and fixes possible uses-after-free when loading a conntrack module.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/00716f25f9697d02a0d9bd622575c7c7321ba3d0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/05561f822f27b9fa88fa5504ddec34bf38833034
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4ee69c91cb8f9ca144bc0861969e5a1a3c6152a7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/61c7a5256543ae7d24cd9d21853d514c8632e1e9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6eef7a2b933885a17679eb8ed0796ddf0ee5309b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6f03ce2f1abcb9f9d0511e3659ca6eb60e39f566
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8289d422f5e484efe4a565fe18e862ecd621c175
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fce5cc7cbd4b92f979bf02c9ec5fb69aaeba92d7
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module."
    }
  ],
  "id": "CVE-2023-53619",
  "lastModified": "2025-10-08T19:38:32.610",
  "metrics": {},
  "published": "2025-10-07T16:15:44.473",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/00716f25f9697d02a0d9bd622575c7c7321ba3d0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/05561f822f27b9fa88fa5504ddec34bf38833034"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4ee69c91cb8f9ca144bc0861969e5a1a3c6152a7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/61c7a5256543ae7d24cd9d21853d514c8632e1e9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6eef7a2b933885a17679eb8ed0796ddf0ee5309b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6f03ce2f1abcb9f9d0511e3659ca6eb60e39f566"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8289d422f5e484efe4a565fe18e862ecd621c175"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fce5cc7cbd4b92f979bf02c9ec5fb69aaeba92d7"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.