AI description
CVE-2023-52927 is a vulnerability found in the Linux kernel's netfilter subsystem, specifically affecting the handling of connection tracking expectations. The vulnerability arises in the `nf_ct_find_expectation` function, where connection tracking expectations (`exp`) are prematurely removed from the hash table. This occurs when `nf_conntrack_in()` calls `nf_ct_find_expectation()`. The issue impacts scenarios where the created connection tracking entry is not immediately confirmed, such as in Open vSwitch (OVS) and TC conntrack setups. A patch was developed to address this by allowing the expectation to remain in the hash table by setting `IPS_CONFIRMED` in the status of the template. The fix involves modifications to files including `nfconntrackexpect.h`, `nfconntrackcore.c`, `nfconntrackexpect.c`, and `nft_ct.c`.
- Description
- In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit Article by @seadragnol about finding an unfixed netfilter use-after-free bug reported by syzbot. The researcher exploited it to pwn the kernelCTF COS instance. https://t.co/2KMWA3nJJM https://t.co/f2zkqa2hL
@linkersec
17 Jul 2025
3908 Impressions
30 Retweets
99 Likes
32 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2022-38392 2 - CVE-2025-1727 3 - CVE-2023-52927 4 - CVE-2025-25257 5 - CVE-2025-5959 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52927: Turning a Forgotten Syzkaller Report into kCTF Exploit by @seadragnol https://t.co/r2oAangpxq https://t.co/Tfhd3pi51w
@alexjplaskett
12 Jul 2025
2605 Impressions
8 Retweets
34 Likes
16 Bookmarks
1 Reply
0 Quotes
2025-07-06 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit | SeaDragnoL https://t.co/gLofQDy1fg https://t.co/ubZzyhXX0Z
@motikan2010
7 Jul 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2023-20867 2 - CVE-2024-29745 3 - CVE-2025-5777 4 - CVE-2025-49826 5 - CVE-2023-52927 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit (authored by @seadragnol): https://t.co/IYF10fzvmo #cve #exploit #exploitation #vulnerability #linux #ctf #kctf https://t.co/P5kcIxH5SD
@ale_sp_brazil
6 Jul 2025
1698 Impressions
3 Retweets
14 Likes
8 Bookmarks
0 Replies
0 Quotes
Writeup for my first kCTF - CVE-2023-52927😋 https://t.co/lyNPDbC6Lg
@seadragnol
6 Jul 2025
9979 Impressions
33 Retweets
180 Likes
69 Bookmarks
4 Replies
0 Quotes
CVE-2023-52927 In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() cal… https://t.co/Dl8bo9r6Pt
@CVEnew
14 Mar 2025
380 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18C959B4-B141-4155-8A5B-CDD1409CC1A2",
"versionEndExcluding": "6.1.130"
}
],
"operator": "OR"
}
]
}
]