vulnerability

Huawei EulerOS: CVE-2023-52923: kernel security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jan 20, 2025	May 7, 2025	Apr 1, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jan 20, 2025

Added

May 7, 2025

Modified

Apr 1, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: adapt set backend to use GC transaction API

Use the GC transaction API to replace the old and buggy gc API and the
busy mark approach.

No set elements are removed from async garbage collection anymore,
instead the _DEAD bit is set on so the set element is not visible from
lookup path anymore. Async GC enqueues transaction work that might be
aborted and retried later.

rbtree and pipapo set backends does not set on the _DEAD bit from the
sync GC path since this runs in control plane path where mutex is held.
In this case, set elements are deactivated, removed and then released
via RCU callback, sync GC never fails.

Solutions

huawei-euleros-2_0_sp12-upgrade-bpftoolhuawei-euleros-2_0_sp12-upgrade-kernelhuawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelistshuawei-euleros-2_0_sp12-upgrade-kernel-toolshuawei-euleros-2_0_sp12-upgrade-kernel-tools-libshuawei-euleros-2_0_sp12-upgrade-python3-perf

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report