{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53200", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T13:59:19.067Z", "datePublished": "2025-09-15T14:21:28.466Z", "dateUpdated": "2025-09-15T14:21:28.466Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-15T14:21:28.466Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n +-< __alloc_percpu\n +-< xt_percpu_counter_alloc\n +-< find_check_entry # {arp,ip,ip6}_tables.c\n +-< translate_table\n\nAnd it can be leaked on this code path:\n\n +-> ip6t_register_table\n +-> translate_table # allocates percpu counter block\n +-> xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it's worth fixing even the rare leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "versions": [{"version": "71ae0dff02d756e4d2ca710b79f2ff5390029a5f", "lessThan": "e306dbee4c98025a9326386023a12ef4d887e9d1", "status": "affected", "versionType": "git"}, {"version": "71ae0dff02d756e4d2ca710b79f2ff5390029a5f", "lessThan": "512b6c4b83c91d007301ea7d7f095d16c3aceacd", "status": "affected", "versionType": "git"}, {"version": "71ae0dff02d756e4d2ca710b79f2ff5390029a5f", "lessThan": "3cc9610a87b7dde82f7360dd4eb6c2c27940ed57", "status": "affected", "versionType": "git"}, {"version": "71ae0dff02d756e4d2ca710b79f2ff5390029a5f", "lessThan": "0af8c09c896810879387decfba8c942994bb61f5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "versions": [{"version": "4.2", "status": "affected"}, {"version": "0", "lessThan": "4.2", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.100", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.18", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.5", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.15.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.1.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.2.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"}, {"url": "https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"}, {"url": "https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"}, {"url": "https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"}], "title": "netfilter: x_tables: fix percpu counter block leak on error path when creating new netns", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n +-< __alloc_percpu\n +-< xt_percpu_counter_alloc\n +-< find_check_entry # {arp,ip,ip6}_tables.c\n +-< translate_table\n\nAnd it can be leaked on this code path:\n\n +-> ip6t_register_table\n +-> translate_table # allocates percpu counter block\n +-> xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it's worth fixing even the rare leak."}], "id": "CVE-2023-53200", "lastModified": "2025-09-15T15:22:27.090", "metrics": {}, "published": "2025-09-15T15:15:46.400", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}