{"id":"CVE-2023-53492","summary":"netfilter: nf_tables: do not ignore genmask when looking up chain by id","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not ignore genmask when looking up chain by id\n\nWhen adding a rule to a chain referring to its ID, if that chain had been\ndeleted on the same batch, the rule might end up referring to a deleted\nchain.\n\nThis will lead to a WARNING like following:\n\n[   33.098431] ------------[ cut here ]------------\n[   33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260\n[   33.099217] Modules linked in:\n[   33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409\n[   33.099726] Workqueue: events nf_tables_trans_destroy_work\n[   33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260\n[   33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc \u003c0f\u003e 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7\n[   33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202\n[   33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000\n[   33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[   33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000\n[   33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500\n[   33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10\n[   33.103762] FS:  0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000\n[   33.104184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0\n[   33.104872] PKRU: 55555554\n[   33.104999] Call Trace:\n[   33.105113]  \u003cTASK\u003e\n[   33.105214]  ? show_regs+0x72/0x90\n[   33.105371]  ? __warn+0xa5/0x210\n[   33.105520]  ? nf_tables_chain_destroy+0x23d/0x260\n[   33.105732]  ? report_bug+0x1f2/0x200\n[   33.105902]  ? handle_bug+0x46/0x90\n[   33.106546]  ? exc_invalid_op+0x19/0x50\n[   33.106762]  ? asm_exc_invalid_op+0x1b/0x20\n[   33.106995]  ? nf_tables_chain_destroy+0x23d/0x260\n[   33.107249]  ? nf_tables_chain_destroy+0x30/0x260\n[   33.107506]  nf_tables_trans_destroy_work+0x669/0x680\n[   33.107782]  ? mark_held_locks+0x28/0xa0\n[   33.107996]  ? __pfx_nf_tables_trans_destroy_work+0x10/0x10\n[   33.108294]  ? _raw_spin_unlock_irq+0x28/0x70\n[   33.108538]  process_one_work+0x68c/0xb70\n[   33.108755]  ? lock_acquire+0x17f/0x420\n[   33.108977]  ? __pfx_process_one_work+0x10/0x10\n[   33.109218]  ? do_raw_spin_lock+0x128/0x1d0\n[   33.109435]  ? _raw_spin_lock_irq+0x71/0x80\n[   33.109634]  worker_thread+0x2bd/0x700\n[   33.109817]  ? __pfx_worker_thread+0x10/0x10\n[   33.110254]  kthread+0x18b/0x1d0\n[   33.110410]  ? __pfx_kthread+0x10/0x10\n[   33.110581]  ret_from_fork+0x29/0x50\n[   33.110757]  \u003c/TASK\u003e\n[   33.110866] irq event stamp: 1651\n[   33.111017] hardirqs last  enabled at (1659): [\u003cffffffffa206a209\u003e] __up_console_sem+0x79/0xa0\n[   33.111379] hardirqs last disabled at (1666): [\u003cffffffffa206a1ee\u003e] __up_console_sem+0x5e/0xa0\n[   33.111740] softirqs last  enabled at (1616): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[   33.112094] softirqs last disabled at (1367): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[   33.112453] ---[ end trace 0000000000000000 ]---\n\nThis is due to the nft_chain_lookup_byid ignoring the genmask. After this\nchange, adding the new rule will fail as it will not find the chain.","modified":"2026-04-02T09:44:19.152907Z","published":"2025-10-01T11:45:44.019Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03613-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53492.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/041e2ac88caef286b39064e83e825e3f53113d36"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ae2e501331aaa506eaf760339bb2f43e5769395"},{"type":"WEB","url":"https://git.kernel.org/stable/c/515ad530795c118f012539ed76d02bacfd426d89"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e5e967e8505fbdabfb6497367ec1b808cadc356"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fc95c8b02c6160936f1f3d8d9d7f4f66f3c84b49"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53492.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53492"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"837830a4b439bfeb86c70b0115c280377c84714b"},{"fixed":"4ae2e501331aaa506eaf760339bb2f43e5769395"},{"fixed":"041e2ac88caef286b39064e83e825e3f53113d36"},{"fixed":"fc95c8b02c6160936f1f3d8d9d7f4f66f3c84b49"},{"fixed":"5e5e967e8505fbdabfb6497367ec1b808cadc356"},{"fixed":"515ad530795c118f012539ed76d02bacfd426d89"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53492.json"}}],"schema_version":"1.7.5"}