2424970 – (CVE-2023-54035) CVE-2023-54035 kernel: netfilter: nf_tables: fix underflow in chain reference counter

Bug 2424970 (CVE-2023-54035) - CVE-2023-54035 kernel: netfilter: nf_tables: fix underflow in chain reference counter

Summary: CVE-2023-54035 kernel: netfilter: nf_tables: fix underflow in chain reference...

Keywords:
Status:	NEW
Alias:	CVE-2023-54035
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 12:04 UTC by OSIDB Bzimport
Modified:	2025-12-25 12:06 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 12:04:48 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix underflow in chain reference counter

Set element addition error path decrements reference counter on chains
twice: once on element release and again via nft_data_release().

Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object
reference counter") incorrectly fixed this by removing the stateful
object reference count decrement.

Restore the stateful object decrement as in b91d90368837 ("netfilter:
nf_tables: fix leaking object reference count") and let
nft_data_release() decrement the chain reference counter, so this is
done only once.

Comment 1 Alexander B 2025-12-25 12:02:02 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122438-CVE-2023-54035-76a5@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.