Vulnerability Database

324,382

Total vulnerabilities in the database

CVE-2023-53619

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: Avoid nf_ct_helper_hash uses after free

If nf_conntrack_init_start() fails (for example due to a register_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini() clean-up path frees the nf_ct_helper_hash map.

When built with NF_CONNTRACK=y, further netfilter modules (e.g: netfilter_conntrack_ftp) can still be loaded and call nf_conntrack_helpers_register(), independently of whether nf_conntrack initialized correctly. This accesses the nf_ct_helper_hash dangling pointer and causes a uaf, possibly leading to random memory corruption.

This patch guards nf_conntrack_helper_register() from accessing a freed or uninitialized nf_ct_helper_hash pointer and fixes possible uses-after-free when loading a conntrack module.

  • Published: Oct 7, 2025
  • Updated: Feb 6, 2026
  • CVE: CVE-2023-53619
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 3.6 4.14.322
linux / linux_kernel 4.15 4.19.291
linux / linux_kernel 4.20 5.4.251
linux / linux_kernel 5.5 5.10.188
linux / linux_kernel 5.11 5.15.121
linux / linux_kernel 5.16 6.1.39
linux / linux_kernel 6.2 6.4.4
linux / linux_kernel 6.5-rc1 6.5-rc1.x