{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53032","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-03-27T16:40:15.757Z","datePublished":"2025-03-27T16:44:00.286Z","dateUpdated":"2026-05-11T19:37:14.853Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:37:14.853Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.\n\nWhen first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of\nan arithmetic expression 2 << (netmask - mask_bits - 1) is subject\nto overflow due to a failure casting operands to a larger data type\nbefore performing the arithmetic.\n\nNote that it's harmless since the value will be checked at the next step.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_bitmap_ip.c"],"versions":[{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"e137d9bb26bd85ce07323a38e38ceb0b160db841","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"dfd834ccc1b88bbbab81b9046a3a539dd0c2d14f","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"feefb33eefa166fc3e0fd17547b0bc0cb3baced9","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"4e6a70fd840400e3a2e784a6673968a3eb2431c0","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"511cf17b2447fc41cfef8d71936e1fa53e395c1e","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"e88865876d47c790be0d5e23973499d75d034364","status":"affected","versionType":"git"},{"version":"b9fed748185a96b7cfe74afac4bd228e8af16f01","lessThan":"9ea4b476cea1b7d461d16dda25ca3c7e616e2d15","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_bitmap_ip.c"],"versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.164","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.89","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.7","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.164"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.15.89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.1.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e137d9bb26bd85ce07323a38e38ceb0b160db841"},{"url":"https://git.kernel.org/stable/c/dfd834ccc1b88bbbab81b9046a3a539dd0c2d14f"},{"url":"https://git.kernel.org/stable/c/feefb33eefa166fc3e0fd17547b0bc0cb3baced9"},{"url":"https://git.kernel.org/stable/c/4e6a70fd840400e3a2e784a6673968a3eb2431c0"},{"url":"https://git.kernel.org/stable/c/511cf17b2447fc41cfef8d71936e1fa53e395c1e"},{"url":"https://git.kernel.org/stable/c/e88865876d47c790be0d5e23973499d75d034364"},{"url":"https://git.kernel.org/stable/c/9ea4b476cea1b7d461d16dda25ca3c7e616e2d15"}],"title":"netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.","x_generator":{"engine":"bippy-1.2.0"}}}}