CVE-2023-54035

netfilter: nf_tables: fix underflow in chain reference counter

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains
twice: once on element release and again via nft_data_release(). Then, d6b478666ffa ("netfilter: nf_tables: fix underflow in object
reference counter") incorrectly fixed this by removing the stateful
object reference count decrement. Restore the stateful object decrement as in b91d90368837 ("netfilter:
nf_tables: fix leaking object reference count") and let
nft_data_release() decrement the chain reference counter, so this is
done only once.

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-24 CVE Reserved
2025-12-24 CVE Published
2025-12-24 CVE Updated
2026-04-25 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/628bd3e49cba1c066228e23d71a852c23e26da73	Vuln. Introduced
https://git.kernel.org/stable/c/bc9f791d2593f17e39f87c6e2b3a36549a3705b1	Vuln. Introduced
https://git.kernel.org/stable/c/3c7ec098e3b588434a8b07ea9b5b36f04cef1f50	Vuln. Introduced
https://git.kernel.org/stable/c/a136b7942ad2a50de708f76ea299ccb45ac7a7f9	Vuln. Introduced
https://git.kernel.org/stable/c/25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8	Vuln. Introduced
https://git.kernel.org/stable/c/d60be2da67d172aecf866302c91ea11533eca4d9	Vuln. Introduced
https://git.kernel.org/stable/c/dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9c959671abc7d4ffdf34eed10c64492d43cb6a3c	2023-07-19
https://git.kernel.org/stable/c/b389139f12f287b8ed2e2628b72df89a081f0b59	2023-06-26
https://git.kernel.org/stable/c/b068314fd8ce751a7f906e55bb90f3551815f1a0	2023-08-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.4.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.4.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.316 Search vendor "Linux" for product "Linux Kernel" and version "4.19.316"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.262 Search vendor "Linux" for product "Linux Kernel" and version "5.4.262"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.188 Search vendor "Linux" for product "Linux Kernel" and version "5.10.188"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.121 Search vendor "Linux" for product "Linux Kernel" and version "5.15.121"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.1.36 Search vendor "Linux" for product "Linux Kernel" and version "6.1.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.3.10 Search vendor "Linux" for product "Linux Kernel" and version "6.3.10"		en		Affected