{"id":"CVE-2023-53200","summary":"netfilter: x_tables: fix percpu counter block leak on error path when creating new netns","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix percpu counter block leak on error path when creating new netns\n\nHere is the stack where we allocate percpu counter block:\n\n  +-\u003c __alloc_percpu\n    +-\u003c xt_percpu_counter_alloc\n      +-\u003c find_check_entry # {arp,ip,ip6}_tables.c\n        +-\u003c translate_table\n\nAnd it can be leaked on this code path:\n\n  +-\u003e ip6t_register_table\n    +-\u003e translate_table # allocates percpu counter block\n    +-\u003e xt_register_table # fails\n\nthere is no freeing of the counter block on xt_register_table fail.\nNote: xt_percpu_counter_free should be called to free it like we do in\ndo_replace through cleanup_entry helper (or in __ip6t_unregister_table).\n\nProbability of hitting this error path is low AFAICS (xt_register_table\ncan only return ENOMEM here, as it is not replacing anything, as we are\ncreating new netns, and it is hard to imagine that all previous\nallocations succeeded and after that one in xt_register_table failed).\nBut it's worth fixing even the rare leak.","modified":"2026-04-02T09:43:47.520971Z","published":"2025-09-15T14:21:28.466Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53200.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0af8c09c896810879387decfba8c942994bb61f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"},{"type":"WEB","url":"https://git.kernel.org/stable/c/512b6c4b83c91d007301ea7d7f095d16c3aceacd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e306dbee4c98025a9326386023a12ef4d887e9d1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53200.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53200"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"71ae0dff02d756e4d2ca710b79f2ff5390029a5f"},{"fixed":"e306dbee4c98025a9326386023a12ef4d887e9d1"},{"fixed":"512b6c4b83c91d007301ea7d7f095d16c3aceacd"},{"fixed":"3cc9610a87b7dde82f7360dd4eb6c2c27940ed57"},{"fixed":"0af8c09c896810879387decfba8c942994bb61f5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53200.json"}}],"schema_version":"1.7.5"}