CVE-2023-53032

MEDIUM EPSS 8.9%
Published Mar 27, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥3.7  –  <4.14.303
linuxlinux_kernel*≥4.15  –  <4.19.270
linuxlinux_kernel*≥4.20  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.164
linuxlinux_kernel*≥5.11  –  <5.15.89
linuxlinux_kernel*≥5.16  –  <6.1.7
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/4e6a70fd840400e3a2e784a6673968a3eb2431c0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/511cf17b2447fc41cfef8d71936e1fa53e395c1e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ea4b476cea1b7d461d16dda25ca3c7e616e2d15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd834ccc1b88bbbab81b9046a3a539dd0c2d14f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e137d9bb26bd85ce07323a38e38ceb0b160db841
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e88865876d47c790be0d5e23973499d75d034364
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/feefb33eefa166fc3e0fd17547b0bc0cb3baced9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4e6a70fd840400e3a2e784a6673968a3eb2431c0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/511cf17b2447fc41cfef8d71936e1fa53e395c1e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ea4b476cea1b7d461d16dda25ca3c7e616e2d15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfd834ccc1b88bbbab81b9046a3a539dd0c2d14f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e137d9bb26bd85ce07323a38e38ceb0b160db841
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e88865876d47c790be0d5e23973499d75d034364
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/feefb33eefa166fc3e0fd17547b0bc0cb3baced9
    Patch