{"uuid": "812f9ac9-b974-4781-847b-4ff6219af820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://t.me/cvedetector/17286", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-52924 - Apache Netfilter nf_tables Use Count Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-52924 \nPublished : Feb. 5, 2025, 10:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetfilter: nf_tables: don't skip expired elements during walk  \n  \nThere is an asymmetry between commit/abort and preparation phase if the  \nfollowing conditions are met:  \n  \n1. set is a verdict map (\"1.2.3.4 : jump foo\")  \n2. timeouts are enabled  \n  \nIn this case, following sequence is problematic:  \n  \n1. element E in set S refers to chain C  \n2. userspace requests removal of set S  \n3. kernel does a set walk to decrement chain->use count for all elements  \n   from preparation phase  \n4. kernel does another set walk to remove elements from the commit phase  \n   (or another walk to do a chain->use increment for all elements from  \n    abort phase)  \n  \nIf E has already expired in 1), it will be ignored during list walk, so its use count  \nwon't have been changed.  \n  \nThen, when set is culled, ->destroy callback will zap the element via  \nnf_tables_set_elem_destroy(), but this function is only safe for  \nelements that have been deactivated earlier from the preparation phase:  \nlack of earlier deactivate removes the element but leaks the chain use  \ncount, which results in a WARN splat when the chain gets removed later,  \nplus a leak of the nft_chain structure.  \n  \nUpdate pipapo_get() not to skip expired elements, otherwise flush  \ncommand reports bogus ENOENT errors. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T13:17:56.000000Z"}