Unrated severityNVD Advisory· Published Mar 27, 2025· Updated May 4, 2025
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
CVE-2023-53032
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic.
Note that it's harmless since the value will be checked at the next step.
Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.
Affected products
16- osv-coords14 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20COREpkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_68&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 4.12.14-122.258.1+ 13 more
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 4.12.14-122.258.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 3.0.101-108.186.1
- (no CPE)range: < 1-8.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.kernel.org/stable/c/4e6a70fd840400e3a2e784a6673968a3eb2431c0mitre
- git.kernel.org/stable/c/511cf17b2447fc41cfef8d71936e1fa53e395c1emitre
- git.kernel.org/stable/c/9ea4b476cea1b7d461d16dda25ca3c7e616e2d15mitre
- git.kernel.org/stable/c/dfd834ccc1b88bbbab81b9046a3a539dd0c2d14fmitre
- git.kernel.org/stable/c/e137d9bb26bd85ce07323a38e38ceb0b160db841mitre
- git.kernel.org/stable/c/e88865876d47c790be0d5e23973499d75d034364mitre
- git.kernel.org/stable/c/feefb33eefa166fc3e0fd17547b0bc0cb3baced9mitre
News mentions
0No linked articles in our index yet.