{
  "modified": "2025-10-22T19:33:02Z",
  "published": "2025-10-22T13:23:40Z",
  "schema_version": "1.7.3",
  "id": "CVE-2023-53701",
  "summary": "netfilter: nf_tables: deactivate anonymous set from preparation phase",
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: deactivate anonymous set from preparation phase\n\n[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]\n\nToggle deleted anonymous sets as inactive in the next generation, so\nusers cannot perform any update on it. Clear the generation bitmask\nin case the transaction is aborted.\n\nThe following KASAN splat shows a set element deletion for a bound\nanonymous set that has been already removed in the same transaction.\n\n[   64.921510] ==================================================================\n[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.924745] Write of size 8 at addr dead000000000122 by task test/890\n[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253\n[   64.931120] Call Trace:\n[   64.932699]  \u003cTASK\u003e\n[   64.934292]  dump_stack_lvl+0x33/0x50\n[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.937551]  kasan_report+0xda/0x120\n[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60\n[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]\n[   64.945710]  ? kasan_set_track+0x21/0x30\n[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]\n[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]",
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "events": [
            {
              "introduced": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"
            },
            {
              "fixed": "86572872505023e3bb461b271c2f25fdaa3dfcd7"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.14.315"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86572872505023e3bb461b271c2f25fdaa3dfcd7"
    }
  ]
}