CVE-2023-52927

Published Mar 14, 2025

Last updated 4 months ago

Linux Kernel

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-52927 is a vulnerability found in the Linux kernel's netfilter subsystem, specifically affecting the handling of connection tracking expectations. The vulnerability arises in the `nf_ct_find_expectation` function, where connection tracking expectations (`exp`) are prematurely removed from the hash table. This occurs when `nf_conntrack_in()` calls `nf_ct_find_expectation()`. The issue impacts scenarios where the created connection tracking entry is not immediately confirmed, such as in Open vSwitch (OVS) and TC conntrack setups. A patch was developed to address this by allowing the expectation to remain in the hash table by setting `IPS_CONFIRMED` in the status of the template. The fix involves modifications to files including `nfconntrackexpect.h`, `nfconntrackcore.c`, `nfconntrackexpect.c`, and `nft_ct.c`.

Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Received

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

6

  1. 2025-07-06 の人気記事はコチラでした。(自動ツイート) #Hacker_Trends ――― CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit | SeaDragnoL https://t.co/gLofQDy1fg https://t.co/ubZzyhXX0Z

    @motikan2010

    7 Jul 2025

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2023-20867 2 - CVE-2024-29745 3 - CVE-2025-5777 4 - CVE-2025-49826 5 - CVE-2023-52927 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    6 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit (authored by @seadragnol): https://t.co/IYF10fzvmo #cve #exploit #exploitation #vulnerability #linux #ctf #kctf https://t.co/P5kcIxH5SD

    @ale_sp_brazil

    6 Jul 2025

    1698 Impressions

    3 Retweets

    14 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  4. Writeup for my first kCTF - CVE-2023-52927😋 https://t.co/lyNPDbC6Lg

    @seadragnol

    6 Jul 2025

    9979 Impressions

    33 Retweets

    180 Likes

    69 Bookmarks

    4 Replies

    0 Quotes

  5. CVE-2023-52927 In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() cal… https://t.co/Dl8bo9r6Pt

    @CVEnew

    14 Mar 2025

    380 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.