What is CVE-2023-54200?

CVE-2023-54200 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.14.15 onward and patched in 5.15.113, 6.1.30, 6.3.4 and others. CVE-2023-54200 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54200?

CVE-2023-54200 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54200?

Yes, CVE-2023-54200 has been patched. Fixed versions include 5.15.113, 6.1.30, 6.3.4 and others. If you are running Linux kernel 5.14.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54200 actively exploited?

CVE-2023-54200 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54200

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always release netdev hooks from notifier This reverts "netfilter: nf_tables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will also queue the peer netns device for removal. Its possible that the peer netns is also slated for removal. In this case, the device memory is already released before the pre_exit hook of the peer netns runs: BUG: KASAN: slab-use-after-free in nf_hook_entry_head+0x1b8/0x1d0 Read of size 8 at addr ffff88812c0124f0 by task kworker/u8:1/45 Workqueue: netns cleanup_net Call Trace: nf_hook_entry_head+0x1b8/0x1d0 __nf_unregister_net_hook+0x76/0x510 nft_netdev_unregister_hooks+0xa0/0x220 __nft_release_hook+0x184/0x490 nf_tables_pre_exit_net+0x12f/0x1b0 .. Order is: 1. First netns is released, veth_dellink() queues peer netns device for removal 2. peer netns is queued for removal 3. peer netns device is released, unreg event is triggered 4. unreg event is ignored because netns is going down 5. pre_exit hook calls nft_netdev_unregister_hooks but device memory might be free'd already.

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.14.15, 5.15 and later are affected. Fixed in 5.15.113, 6.1.30, 6.3.4, 6.4 and their respective stable series.

Affected from

≥ 5.14.15 ≥ 5.15

Fixed in

✓ 5.15.113 5.15.x ✓ 6.1.30 6.1.x ✓ 6.3.4 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-54200 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/30e4b13b1bfbdf3bf3b27036d8209ea1b9f0d880
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8d56f00c61f67b450fbbdcb874855e60ad92c560
Patch
Kernel patch commit
https://git.kernel.org/stable/c/94032527efbac13be702c76afb9d872c0cca7a43
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54200?

CVE-2023-54200 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.14.15 onward and has been patched in 5.15.113, 6.1.30, 6.3.4 and others. CVE-2023-54200 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54200?

Yes — CVE-2023-54200 has been patched. Fixed versions include 5.15.113, 6.1.30, 6.3.4 and others. If you are running Linux kernel 5.14.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54200 actively exploited?

No — CVE-2023-54200 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.