PatchSiren cyber security CVE debrief
CVE-2023-52620 Linux CVE debrief
CVE-2023-52620 affects the Linux kernel’s netfilter nf_tables path. According to the CVE description, the fix disallows timeout parameters for anonymous sets because those parameters were never used from userspace. NVD rates the issue as LOW severity with local access, low privileges, high attack complexity, and availability-only impact. The record also links multiple stable-kernel patch references, indicating the issue was addressed through kernel backports.
- Vendor: Linux
- Product: CVE-2023-52620
- CVSS: LOW 2.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-03-21
- Original CVE updated: 2026-05-12
- Advisory published: 2024-03-21
- Advisory updated: 2026-05-12
Who should care
Linux kernel maintainers, distribution security teams, and administrators running affected Linux kernel releases should care, especially where nftables/netfilter is in use and kernel updates are handled on a regular patch cycle.
Technical summary
NVD lists the following affected Linux kernel version ranges for CVE-2023-52620, each bounded by its fixed point: before 4.19.312; 4.20 through 5.4.274; 5.5 through 5.10.215; 5.11 through 5.15.151; 5.16 through 6.1.81; 6.2 through 6.4; and 6.4-rc1 through 6.4-rc7. The issue is described as a netfilter nf_tables validation problem, fixed by rejecting timeout parameters for anonymous sets. The CVSS vector provided by NVD is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L, which points to a locally reachable issue with limited availability impact rather than a confidentiality or integrity compromise.
Defensive priority
Low; apply during normal kernel maintenance, but do not ignore it on systems that routinely accept kernel backports or rely on nftables.
Recommended defensive actions
- Upgrade to a Linux kernel release that includes the fix, or install the vendor's backported kernel update for your distribution.
- Verify whether any deployed kernels fall within the affected version ranges listed by NVD, including distribution backports.
- Follow distribution advisories and kernel stable patch references when planning maintenance windows.
- If you manage large fleets, include this CVE in your routine kernel compliance and reboot tracking workflow.
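The range check from the second action, written out as an added example (not code from NVD, the kernel project, or this page's author). It assumes each upper bound in the technical summary is the first fixed release and therefore exclusive; the host names and release strings are constructed.

```python
import re

# Upstream ranges as listed in the technical summary: (lower bound, fixed point).
# Assumption: each upper bound is the first fixed release, so it is exclusive.
AFFECTED_RANGES = [
    ((0, 0, 0), (4, 19, 312)),
    ((4, 20, 0), (5, 4, 274)),
    ((5, 5, 0), (5, 10, 215)),
    ((5, 11, 0), (5, 15, 151)),
    ((5, 16, 0), (6, 1, 81)),
    ((6, 2, 0), (6, 4, 0)),
]
AFFECTED_RC = {(6, 4): range(1, 8)}  # 6.4-rc1 through 6.4-rc7

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc or None)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_affected_range(release):
    """True if the upstream version number falls inside a listed range."""
    version, rc = parse_release(release)
    if rc is not None and version[2] == 0 and version[:2] in AFFECTED_RC:
        return rc in AFFECTED_RC[version[:2]]
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def hosts_to_review(fleet):
    """Hosts whose version number is in range. A hit is a prompt to check the
    distribution advisory, since backported fixes do not change this number."""
    return sorted(h for h, rel in fleet.items() if in_affected_range(rel))


# Constructed inventory: host names and release strings are illustrative only.
FLEET = {
    "web-01": "6.1.80-generic",
    "web-02": "6.1.81",
    "db-01": "5.10.0-28-amd64",
    "build-01": "6.4.0-rc7",
    "edge-01": "6.6.8",
}

if __name__ == "__main__":
    print(hosts_to_review(FLEET))
```

A distribution kernel such as the `db-01` entry can carry the backported fix while still reporting an in-range upstream number, so a flagged host needs confirmation against the vendor's package changelog or advisory.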
Evidence notes
This debrief is based on the official NVD CVE record and the linked kernel patch references. NVD marks the record as modified on 2026-05-12 and provides affected-version ranges plus a CVSS v3.1 vector showing local, low-privilege, high-complexity access with availability-only impact. The CVE description explicitly states that timeout parameters for anonymous sets are disallowed because they were never used from userspace. Debian LTS and Siemens advisory links are also listed in the NVD references, supporting broad downstream awareness.
Official resources
- CVE-2023-52620 CVE record (CVE.org)
- CVE-2023-52620 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
- Mitigation or vendor reference: af854a3a-2127-422b-91ae-364da2661108 - Third Party Advisory
The CVE record was published on 2024-03-21 and last modified on 2026-05-12. NVD’s reference list shows kernel stable patch links and downstream advisories, indicating the fix was propagated through vendor and distribution channels.