CVE-2023-52628

Advisory lineage Upstream: 0 Downstream: 27

Downstream

DEBIAN-CVE-2023-52628 DLA-3840-1 RHSA-2024:2394 RHSA-2024:2845 RHSA-2024:2846 RHSA-2024:3414

Modified

Published: 28 Mar 2024, 07:33

Last modified:11 May 2026, 19:30

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Mar 2024, 07:33

Published

Vulnerability first disclosed

11 May 2026, 19:30

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < 28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < a7d86a77c33ba1c357a7504341172cc1507f0698 | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < 1ad7b189cc1411048434e8595ffcbe7873b71082 | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < d9ebfc0f21377690837ebbd119e679243e0099cc | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < c8f292322ff16b9a2272a67de396c09a50e09dce | ≥ 49499c3e6e18b7677a63316f3ff54a16533dc28f, < fd94d9dadee58e09b49075240fe83423eb1dcd36 | 4.1
linux•linux_kernel
≥ 4.1, < 5.10.198 | ≥ 5.11, < 5.15.132 | ≥ 5.16, < 6.1.54 | ≥ 6.2, < 6.5.4