CVE-2023-53200: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53200 is a vulnerability discovered in the Linux kernel's netfilter subsystem, specifically in the x_tables component. The vulnerability was disclosed on September 15, 2025, affecting the percpu counter block management when creating new network namespaces (NVD, Debian Tracker).

The vulnerability involves a memory leak in the error path when creating new network namespaces. The issue occurs in the allocation stack involving __alloc_percpu, xt_percpu_counter_alloc, find_check_entry, and translate_table functions. The leak happens specifically when xt_register_table fails, as there is no proper cleanup of the counter block. The vulnerability manifests in the code path: ip6t_register_table -> translate_table -> xt_register_table (Debian Tracker).

The impact of this vulnerability is considered low, as the probability of hitting this error path is minimal. The leak only occurs when xt_register_table returns ENOMEM (out of memory) during the creation of new network namespaces, and only in scenarios where all previous allocations succeeded but the final allocation in xt_register_table failed (Debian Tracker).

The vulnerability has been fixed in various Linux distributions. Ubuntu has released fixes in version 5.15.0-79.86 for Ubuntu 22.04 LTS and corresponding versions for other supported releases. Debian has addressed the issue in version 6.1.148-1 for bookworm and 6.12.43-1 for trixie (Ubuntu, Debian Tracker).