VYPR
Low severity (2.5) · NVD Advisory · Published Mar 21, 2024 · Updated May 12, 2026

CVE-2023-52620

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: disallow timeout for anonymous sets

Never used from userspace, disallow these parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-severity vulnerability in the Linux kernel's netfilter nf_tables allows timeout parameters for anonymous sets, which were never intended for userspace use, potentially leading to unexpected behavior.

Vulnerability Overview

CVE-2023-52620 is a low-severity issue in the Linux kernel's netfilter subsystem, specifically in the nf_tables module. The vulnerability arises because the kernel accepted timeout parameters for anonymous sets, even though these sets are never used from userspace. This oversight could allow the configuration of timeout values that have no practical effect, potentially leading to resource mismanagement or unexpected behavior.

Exploitation and Attack Surface

Exploitation of this vulnerability requires the ability to create or modify nftables rules, which typically demands root privileges or CAP_NET_ADMIN. An attacker with such access could set timeout parameters on anonymous sets, but since these sets are not exposed to userspace, the impact is limited. The attack surface is narrow, as it depends on local access and specific kernel configuration.

Impact

The primary impact is the potential for resource exhaustion or misconfiguration within the kernel's netfilter framework. However, due to the low severity (CVSS 2.5) and the fact that anonymous sets are not user-visible, the practical risk is minimal. The vulnerability is more of a hardening issue than an exploitable security flaw.

Mitigation

The fix, committed to the Linux kernel, disallows timeout parameters for anonymous sets, ensuring they are ignored. Users should apply kernel updates from their distribution. The vulnerability is also listed in a Siemens advisory [1] affecting the SIMATIC S7-1500 TM MFP GNU/Linux subsystem, where appropriate patches should be applied.

References
  1. SSA-265688

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

138


References

9
