GHSA-6952-99fq-g3mw · Severity: medium — In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to...
In the Linux kernel, the following vulnerability has been resolved:

netfilter: allow exp not to be removed in nf_ct_find_expectation

Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenarios, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches.

This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.
Conclusion & alert: CVE-2023-52927 is rated Exploit Available (53.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.29%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.05% | 0.29% | +0.24% |
| 2 | 2025-12-28 | 0.06% | 0.05% | -0.01% |
| 3 | 2025-12-27 | — | 0.06% | — |
Full EPSS history (4 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH | | 1.8 | 5.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
| debian | unimportant | CVE-2023-52927 unimportant priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2023-52927 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2023-52927 |
| suse | high | — | https://www.suse.com/security/cve/CVE-2023-52927/ |
| ubuntu | high | CVE-2023-52927 high priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, released 163, ignored 146, not-affected 87, needed 8, needs-triage 2. | https://ubuntu.com/security/CVE-2023-52927 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 5.18, < 6.1.130 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.6 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec | Broken Link |
| https://git.kernel.org/stable/c/4914109a8e1e494c6aa9852f9e84ec77a5fc643f | Broken Link |
| https://seadragnol.github.io/posts/CVE-2023-52927/ | Exploit Technical Description |
| https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html | Issue Tracking Third Party Advisory |
| https://cert-portal.siemens.com/productcert/html/ssa-082556.html | |