CVE-2023-53033

Source
https://cve.org/CVERecord?id=CVE-2023-53033
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53033.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53033
Published
2025-03-27T16:44:01.044Z
Modified
2026-03-20T12:32:55.497576Z
Summary
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the vlan header in case of double-tagged packets to adjust the length accordingly to address CVE-2023-0179.
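
The length adjustment described above, modelled in user-space C as an added example; it is not the kernel source or the patch, which this page does not show. The function names, the `fixed` switch and the 8-bit width of the offset and length values are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define VLAN_HLEN      4   /* size of one 802.1Q tag */
#define VLAN_ETH_HLEN 18   /* Ethernet header (14) plus one VLAN tag */

/*
 * Hypothetical model of the adjustment: how many of the requested bytes are
 * served from the vlan_ethhdr scratchpad. vlan_hlen is VLAN_HLEN for the
 * double-tagged case and 0 otherwise. The 8-bit types are an assumption.
 */
static uint8_t scratch_len(uint8_t offset, uint8_t len, uint8_t vlan_hlen, int fixed)
{
    uint8_t ethlen = len;

    if (offset + len > VLAN_ETH_HLEN + vlan_hlen) {
        if (fixed)   /* subtract the extra tag: trims len to the header boundary */
            ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
        else         /* add the extra tag: trims too much, the 8-bit value can wrap */
            ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen;
    }
    return ethlen;
}

/* Invariant a test can assert: the scratchpad copy never extends past the
 * ethernet + vlan header. */
static int within_header(uint8_t offset, uint8_t ethlen, uint8_t vlan_hlen)
{
    return offset + ethlen <= VLAN_ETH_HLEN + vlan_hlen;
}

int main(void)
{
    /* Constructed inputs: {offset, len, vlan_hlen} */
    const uint8_t cases[][3] = { {14, 8, 0}, {19, 8, VLAN_HLEN}, {20, 2, VLAN_HLEN} };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint8_t off = cases[i][0], len = cases[i][1], vh = cases[i][2];
        uint8_t bad = scratch_len(off, len, vh, 0);
        uint8_t good = scratch_len(off, len, vh, 1);

        printf("offset=%u len=%u vlan_hlen=%u add:%u(%s) subtract:%u(%s)\n",
               off, len, vh, bad, within_header(off, bad, vh) ? "ok" : "out of bounds",
               good, within_header(off, good, vh) ? "ok" : "out of bounds");
    }
    return 0;
}
```

With no extra tag (`vlan_hlen` of 0) both forms agree, which is why only double-tagged packets expose the difference.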

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53033.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f6ae9f120dada00abfb47313364c35118469455f
Fixed
550efeff989b041f3746118c0ddd863c39ddc1aa
Fixed
a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
Fixed
76ef74d4a379faa451003621a84e3498044e7aa3
Fixed
696e1a48b1a1b01edad542a1ef293665864a4dd0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53033.json"