CVE-2023-3777: Use-after-free in Linux kernel's netfilter: nf_tables component
First published: Wed Sep 06 2023(Updated: )
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <5.9.0 | |
| Linux Linux kernel | >=6.0<6.5 | |
| Debian Debian Linux | =12.0 | |
| Linux Linux kernel | >=5.9<5.10.188 | |
| Linux Linux kernel | >=5.11<5.15.123 | |
| Linux Linux kernel | >=5.16<6.1.42 | |
| Linux Linux kernel | >=6.2<6.4.7 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Canonical Ubuntu Linux | =22.04 | |
| redhat/Kernel | <6.5 | 6.5 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.6-1 6.12.9-1 |
Remedy
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://www.debian.org/security/2023/dsa-5492
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
- https://launchpad.net/bugs/cve/CVE-2023-3777
- https://access.redhat.com/errata/RHSA-2024:0431
- https://access.redhat.com/errata/RHSA-2024:0432
- https://access.redhat.com/errata/RHSA-2024:0461
- https://access.redhat.com/errata/RHSA-2024:0439
- https://access.redhat.com/errata/RHSA-2024:0448
- https://bugzilla.redhat.com/show_bug.cgi?id=2237750
- https://git.kernel.org/linus/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://security-tracker.debian.org/tracker/CVE-2023-3777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3777
- https://nvd.nist.gov/vuln/detail/CVE-2023-3777
- https://ubuntu.com/security/CVE-2023-3777
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/title
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/references
- agent/tags
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3777
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/event
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/12.0
- version/linux linux kernel/5.9
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- version/linux linux kernel/6.2
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- version/canonical ubuntu linux/22.04
- package-manager/redhat
- package-manager/debian