VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54035

CVE-2023-54035

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix underflow in chain reference counter

Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_data_release().

Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object reference counter") incorrectly fixed this by removing the stateful object reference count decrement.

Restore the stateful object decrement as in b91d90368837 ("netfilter: nf_tables: fix leaking object reference count") and let nft_data_release() decrement the chain reference counter, so this is done only once.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A double decrement in nftables chain reference count on error path leads to underflow, fixed underflow, restored stateful object decrement.

Vulnerability

In the Linux kernel's netfilter subsystem, a reference counting bug exists in the nftables chain handling. When adding a set element fails, the error path decrements the chain reference counter twice: once during element release and again via nft_data_release(). This double decrement causes an underflow in the chain reference counter, potentially leading to use-after-free or other memory corruption issues [1].

Exploitation

An attacker with the ability to trigger set element addition failures in nftables (e.g., through crafted netlink messages or specific configuration) can exploit this double decrement. No special privileges beyond the ability to interact with nftables are required, though the attack surface is limited to local users with netfilter capabilities [1].

Impact

Successful exploitation could lead to a denial of service (kernel crash) or potentially arbitrary code execution if the freed chain structure is reallocated and used. The vulnerability affects systems running affected Linux kernel versions prior to the fix [1].

Mitigation

The fix is included in the Linux kernel stable tree as commit b068314fd8ce751a7f906e55bb90f3551815f1a0. Users should update their kernel to include this patch or apply the backport. No workaround is available [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
b068314fd8ce
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
9c959671abc7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b389139f12f2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.