CVE-2023-53304
📋 TL;DR
This vulnerability in the Linux kernel's netfilter nft_set_rbtree component causes improper cleanup of expired interval entries during garbage collection. It affects systems using nftables firewall rules with interval sets, potentially leading to memory leaks or incorrect firewall behavior. All Linux systems with vulnerable kernel versions using nftables are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Memory exhaustion leading to kernel panic or system crash, combined with incorrect firewall rule enforcement allowing unauthorized network traffic.
Likely Case
Gradual memory leak causing performance degradation over time, with potential for firewall rules to not expire properly.
If Mitigated
Minimal impact if nftables interval sets are not used; otherwise, performance degradation without system compromise.
🎯 Exploit Status
Exploitation requires specific nftables configuration with interval sets and knowledge of kernel internals; no public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 50cbb9d195c197af671869c8cadce3bd483735a0, 8284a79136c384059e85e278da2210b809730287, 893cb3c3513cf661a0ff45fe0cfa83fe27131f76, 89a4d1a89751a0fbd520e64091873e19cc0979e8, acaee227cf79c45a5d2d49c3e9a66333a462802c
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable nftables interval sets
allRemove or avoid using nftables rules with interval sets until patched.
nft delete rule <family> <table> <chain> <handle>
nft flush ruleset
🧯 If You Can't Patch
- Monitor system memory usage and kernel logs for signs of memory leaks
- Consider using alternative firewall solutions (iptables) instead of nftables
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if nftables with interval sets are configured: 'nft list ruleset' and look for interval keywordCheck Version:
uname -rVerify Fix Applied:
Verify kernel version contains the fix commits: 'uname -r' and check with distribution vendor📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Memory allocation failures in dmesg
- High kernel memory usage in monitoring
Network Indicators:
- Unexpected firewall rule behavior
- Network traffic that should be blocked getting through
SIEM Query:
source="kernel" AND ("out of memory" OR "slab" OR "kmemleak")🔗 References
- https://git.kernel.org/stable/c/50cbb9d195c197af671869c8cadce3bd483735a0
- https://git.kernel.org/stable/c/8284a79136c384059e85e278da2210b809730287
- https://git.kernel.org/stable/c/893cb3c3513cf661a0ff45fe0cfa83fe27131f76
- https://git.kernel.org/stable/c/89a4d1a89751a0fbd520e64091873e19cc0979e8
- https://git.kernel.org/stable/c/acaee227cf79c45a5d2d49c3e9a66333a462802c
- https://git.kernel.org/stable/c/cd66733932399475fe933cb3ec03e687ed401462
- https://git.kernel.org/stable/c/f718863aca469a109895cb855e6b81fff4827d71
