{"id":"CVE-2023-53701","summary":"netfilter: nf_tables: deactivate anonymous set from preparation phase","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: deactivate anonymous set from preparation phase\n\n[ backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab ]\n\nToggle deleted anonymous sets as inactive in the next generation, so\nusers cannot perform any update on it. Clear the generation bitmask\nin case the transaction is aborted.\n\nThe following KASAN splat shows a set element deletion for a bound\nanonymous set that has been already removed in the same transaction.\n\n[   64.921510] ==================================================================\n[   64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.924745] Write of size 8 at addr dead000000000122 by task test/890\n[   64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253\n[   64.931120] Call Trace:\n[   64.932699]  \u003cTASK\u003e\n[   64.934292]  dump_stack_lvl+0x33/0x50\n[   64.935908]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.937551]  kasan_report+0xda/0x120\n[   64.939186]  ? nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.940814]  nf_tables_commit+0xa24/0x1490 [nf_tables]\n[   64.942452]  ? __kasan_slab_alloc+0x2d/0x60\n[   64.944070]  ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]\n[   64.945710]  ? kasan_set_track+0x21/0x30\n[   64.947323]  nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]\n[   64.948898]  ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]","modified":"2026-04-10T05:06:58.968208Z","published":"2025-10-22T13:23:40Z","references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/86572872505023e3bb461b271c2f25fdaa3dfcd7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"86572872505023e3bb461b271c2f25fdaa3dfcd7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53701.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.315"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53701.json"}}],"schema_version":"1.7.5"}