CVE-2023-32233

high

Description

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

References

https://www.openwall.com/lists/oss-security/2023/05/08/4

https://www.debian.org/security/2023/dsa-5402

https://security.netapp.com/advisory/ntap-20230616-0002/

https://news.ycombinator.com/item?id=35879660

https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html

https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab

https://bugzilla.redhat.com/show_bug.cgi?id=2196105

http://www.openwall.com/lists/oss-security/2023/05/15/5

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html

Details

Source: Mitre, NVD

Published: 2023-05-08

Updated: 2023-09-28

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High