18 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013229)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013229 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements...
CVE-2026-23351
A flaw was found in the Linux kernel's netfilter component, specifically within the nft_set_pipapo module. A local attacker could exploit a use-after-free vulnerability when a large number of expired elements are present. This can cause the garbage collection (GC) process to run for an extended perio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990916)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990916 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989112)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989112 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990067)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990067 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between...
SUSE CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
DEBIAN-CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
UBUNTU-CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2023-52925 netfilter: nf_tables: don't fail inserts if duplicate has expired
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044interval_overlap_0: got 1 Insertion...
CVE-2023-52925
CVE-2023-52925 relates to the Linux kernel nf_tables code. The vulnerability concerns how nf_tables handles inserts for duplicate set entries when some duplicates have expired. The description states that the system should ignore expired duplicates and not fail inserts, noting an asymmetry in nft...
CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2023-52924
CVE-2023-52924 describes a Linux kernel vulnerability in nf_tables/netfilter where expired elements were wrongly skipped during a set walk, causing use-count inconsistencies and potential WARNs during chain removal. The issue arises in asymmetry between preparation/commit phases when a set elemen...
CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
CVE-2023-52924
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
SUSE CVE-2023-52581
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before reaching the boundary...
UBUNTU-CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...
CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...