{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53179","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T13:59:19.065Z","datePublished":"2025-09-15T14:04:26.782Z","dateUpdated":"2026-05-11T19:39:47.927Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:39:47.927Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c\n\nThe missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can\nlead to the use of the wrong `CIDR_POS(c)` for calculating array offsets,\nwhich can lead to an integer underflow. As a result, it leads to a slab\nout-of-bounds access.\nThis patch adds back the IP_SET_HASH_WITH_NET0 macro to\nip_set_hash_netportnet to address the issue."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_hash_netportnet.c"],"versions":[{"version":"0d5d0b5c41f766355f2b42c47d13ea001f754c7d","lessThan":"7935b636dd693dfe4483cfef4a1e91366c8103fa","status":"affected","versionType":"git"},{"version":"cb3e590df429ce151d5041884a4947099b8ad6a7","lessThan":"e632d09dffc68b9602d6893a99bfe3001d36cefc","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"109e830585e89a03d554bf8ad0e668630d0a6260","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"83091f8ac03f118086596f17c9a52d31d6ca94b3","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"a9e6142e5f8f6ac7d1bca45c1b2b13b084ea9e14","status":"affected","versionType":"git"},{"version":"886503f34d6
3e681662057448819edb5b1057a97","lessThan":"7ca0706c68adadf86a36b60dca090f5e9481e808","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"d59b6fc405549f7caf31f6aa5da1d6bef746b166","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"d95c8420efe684b964e3aa28108e9a354bcd7225","status":"affected","versionType":"git"},{"version":"886503f34d63e681662057448819edb5b1057a97","lessThan":"050d91c03b28ca479df13dfb02bcd2c60dd6a878","status":"affected","versionType":"git"},{"version":"186642845b02e1a7944ef33c3a3ac41eba77517f","status":"affected","versionType":"git"},{"version":"919560afc21f91ca352a20394d5249aba1799690","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_hash_netportnet.c"],"versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","status":"unaffected","versionType":"semver"},{"version":"4.14.326","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.295","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.257","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.195","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.132","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.53","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.16","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5.3","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","neg
ate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.84","versionEndExcluding":"4.14.326"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.5","versionEndExcluding":"4.19.295"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.257"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.15.132"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.1.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.4.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.5.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.141"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7935b636dd693dfe4483cfef4a1e91366c8103fa"},{"url":"https://git.kernel.org/stable/c/e632d09dffc68b9602d6893a99bfe3001d36cefc"},{"url":"https://git.kernel.org/stable/c/109e830585e89a03d554bf8ad0e668630d0a6260"},{"url":"https://git.kernel.org/stable/c/83091f8ac03f118086596f17c9a52d31d6ca94b3"},{"url":"https://git.kernel.org/stable/c/a9e6142e5f8f6ac7d1bca45c1b2b13b084ea9e14"},{"url":"https://git.kernel.org/stable/c/7ca0706c6
8adadf86a36b60dca090f5e9481e808"},{"url":"https://git.kernel.org/stable/c/d59b6fc405549f7caf31f6aa5da1d6bef746b166"},{"url":"https://git.kernel.org/stable/c/d95c8420efe684b964e3aa28108e9a354bcd7225"},{"url":"https://git.kernel.org/stable/c/050d91c03b28ca479df13dfb02bcd2c60dd6a878"}],"title":"netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c","x_generator":{"engine":"bippy-1.2.0"}}}}