Published: 14/03/2025 Updated: 14/03/2025

Linux Kernel Netfilter Expectation Handling Vulnerability Resolved

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux
linux linux kernel

👋 Hi, I'm Hoàng Hải Long I’m currently learning pwn Focusing on the Linux kernel 🏆 Achievements CVE-2023-52927 | kCTF exp267 🎮 CTFs #11 on pwnabletw

https://nvd.nist.gov https://github.com/seadragnol/seadragnol https://www.first.org/epss https://git.kernel.org/stable/c/3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec https://git.kernel.org/stable/c/4914109a8e1e494c6aa9852f9e84ec77a5fc643f

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-52927

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect