{"vulnerability": "CVE-2023-52924", "sightings": [{"uuid": "76bd15c5-1b79-459c-96c8-8a57e22e0336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113950532906464739", "content": "", "creation_timestamp": "2025-02-05T09:19:05.679390Z"}, {"uuid": "812f9ac9-b974-4781-847b-4ff6219af820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://t.me/cvedetector/17286", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52924 - Apache Netfilter nf_tables Use Count Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2023-52924 \nPublished : Feb. 5, 2025, 10:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnetfilter: nf_tables: don't skip expired elements during walk \n \nThere is an asymmetry between commit/abort and preparation phase if the \nfollowing conditions are met: \n \n1. set is a verdict map (\"1.2.3.4 : jump foo\") \n2. timeouts are enabled \n \nIn this case, following sequence is problematic: \n \n1. element E in set S refers to chain C \n2. userspace requests removal of set S \n3. kernel does a set walk to decrement chain->use count for all elements \n from preparation phase \n4. kernel does another set walk to remove elements from the commit phase \n (or another walk to do a chain->use increment for all elements from \n abort phase) \n \nIf E has already expired in 1), it will be ignored during list walk, so its use count \nwon't have been changed. \n \nThen, when set is culled, ->destroy callback will zap the element via \nnf_tables_set_elem_destroy(), but this function is only safe for \nelements that have been deactivated earlier from the preparation phase: \nlack of earlier deactivate removes the element but leaks the chain use \ncount, which results in a WARN splat when the chain gets removed later, \nplus a leak of the nft_chain structure. \n \nUpdate pipapo_get() not to skip expired elements, otherwise flush \ncommand reports bogus ENOENT errors. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"05 Feb 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T13:17:56.000000Z"}, {"uuid": "b8ffcc61-ebd6-4da2-899b-6cf7546cef32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "Telegram/wWfwHxa8r4csvCY5OWXBy4LKMLF6OyMrvichRZw8oaZMtfWO", "content": "", "creation_timestamp": "2025-02-06T02:43:28.000000Z"}, {"uuid": "c371faf2-6002-4ec0-8c49-4b828d892938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113950551622532897", "content": "", "creation_timestamp": "2025-02-05T09:23:51.671751Z"}, {"uuid": "d7693e45-c824-45d2-b2ad-d009b182455a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhgdnyryet27", "content": "", "creation_timestamp": "2025-02-05T10:15:39.589648Z"}, {"uuid": "086ef379-b709-47d8-956a-032d0ca89ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52924", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhgrs6p23m2k", "content": "", "creation_timestamp": "2025-02-05T14:28:28.096497Z"}]}