CVE-2023-32233: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
First published: Mon May 08 2023(Updated: )
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM QRadar Network Packet Capture | <=7.5.0 - 7.5.0 Update Package 7 | |
| redhat/kernel | <6.4 | 6.4 |
| Linux Kernel | >=3.13<4.14.315 | |
| Linux Kernel | >=4.15<4.19.283 | |
| Linux Kernel | >=4.20<5.4.243 | |
| Linux Kernel | >=5.5<5.10.180 | |
| Linux Kernel | >=5.11<5.15.111 | |
| Linux Kernel | >=5.16<6.1.28 | |
| Linux Kernel | >=6.2<6.2.15 | |
| Linux Kernel | >=6.3<6.3.2 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| netapp hci baseboard management controller | =h300s | |
| netapp hci baseboard management controller | =h410c | |
| netapp hci baseboard management controller | =h410s | |
| netapp hci baseboard management controller | =h500s | |
| netapp hci baseboard management controller | =h700s | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Remedy
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab
- https://www.openwall.com/lists/oss-security/2023/05/08/4
- http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
- http://www.openwall.com/lists/oss-security/2023/05/15/5
- https://bugzilla.redhat.com/show_bug.cgi?id=2196105
- https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html
- https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
- https://news.ycombinator.com/item?id=35879660
- https://security.netapp.com/advisory/ntap-20230616-0002/
- https://www.debian.org/security/2023/dsa-5402
- https://exchange.xforce.ibmcloud.com/vulnerabilities/254654
- https://www.ibm.com/support/pages/node/7160961 (Advisory)
- https://seclists.org/oss-sec/2023/q2/133
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196105#c7
- https://access.redhat.com/solutions/41278
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196105#c9
- https://docs.kernel.org/admin-guide/sysctl/user.html#max-user-namespaces
- https://ubuntu.com/security/CVE-2023-32233
- https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230548
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196105#c12
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2196105#c13
- https://access.redhat.com/errata/RHSA-2023:3349
- https://access.redhat.com/errata/RHSA-2023:3351
- https://access.redhat.com/errata/RHSA-2023:3350
- https://access.redhat.com/errata/RHSA-2023:3470
- https://access.redhat.com/errata/RHSA-2023:3465
- https://access.redhat.com/errata/RHSA-2023:3490
- https://access.redhat.com/errata/RHSA-2023:3705
- https://access.redhat.com/errata/RHSA-2023:3708
- https://access.redhat.com/errata/RHSA-2023:3723
- https://access.redhat.com/errata/RHSA-2023:3853
- https://access.redhat.com/errata/RHSA-2023:3852
- https://access.redhat.com/errata/RHSA-2023:4125
- https://access.redhat.com/errata/RHSA-2023:4126
- https://access.redhat.com/errata/RHSA-2023:4145
- https://access.redhat.com/errata/RHSA-2023:4130
- https://access.redhat.com/errata/RHSA-2023:4146
- https://access.redhat.com/errata/RHSA-2023:4262
- https://access.redhat.com/errata/RHSA-2023:4255
- https://access.redhat.com/errata/RHSA-2023:4256
- https://access.redhat.com/errata/RHSA-2023:4699
- https://access.redhat.com/errata/RHSA-2023:4696
- https://access.redhat.com/errata/RHSA-2023:5419
- https://access.redhat.com/errata/RHSA-2023:5574
- https://access.redhat.com/errata/RHSA-2023:5621
- https://access.redhat.com/errata/RHSA-2023:5622
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233
- https://nvd.nist.gov/vuln/detail/CVE-2023-32233
- https://launchpad.net/bugs/cve/CVE-2023-32233
- https://security-tracker.debian.org/tracker/CVE-2023-32233
- https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab
- https://www.openwall.com/lists/oss-security/2023/05/15/5
Frequently Asked Questions
What is the severity of CVE-2023-32233?
CVE-2023-32233 has been classified as a critical vulnerability due to the potential for unprivileged local users to obtain root privileges.
How do I fix CVE-2023-32233?
To fix CVE-2023-32233, update the Linux kernel to version 6.3.2 or later, or apply specific patches provided by your Linux distribution.
Which systems are affected by CVE-2023-32233?
CVE-2023-32233 impacts various versions of the Linux kernel, specifically versions prior to 6.3.2, including several distributions like Red Hat and Debian.
What type of vulnerability is CVE-2023-32233?
CVE-2023-32233 is a use-after-free vulnerability in the Netfilter nf_tables subsystem of the Linux kernel.
Can CVE-2023-32233 be exploited remotely?
CVE-2023-32233 cannot be exploited remotely as it requires unprivileged local users to access the vulnerable system.
- collector/nvd-latest
- collector/oss-sec
- alias/CVE-2023-32233
- agent/type
- agent/author
- agent/title
- agent/weakness
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- collector/usn-cve
- source/Ubuntu
- agent/first-publish-date
- agent/event
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/ibm
- canonical/ibm qradar network packet capture
- version/ibm qradar network packet capture/7.5.0 - 7.5.0 update package 7
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.13
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.3
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/netapp
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h300s
- version/netapp hci baseboard management controller/h410c
- version/netapp hci baseboard management controller/h410s
- version/netapp hci baseboard management controller/h500s
- version/netapp hci baseboard management controller/h700s
- package-manager/debian