CVE-2023-32233 - Use After Free

Severity: 78%

Complexity: 18%

Confidentiality: 98%

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

Type: Linux

First reported: 2023-05-08 20:15:00

Last updated: 2023-09-28 19:07:00

Affected Software

Linux Kernel

Red Hat Enterprise Linux (RHEL) 7.0 (7)

7.0

Red Hat Enterprise Linux 8.0

8.0

References

https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab

Patch

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab

Mailing List, Patch

https://www.openwall.com/lists/oss-security/2023/05/08/4

Mailing List, Patch, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2196105

Issue Tracking, Mitigation, Third Party Advisory

https://news.ycombinator.com/item?id=35879660

Issue Tracking

DSA-5402

Third Party Advisory

DSA-5402

Mailing List, Third Party Advisory

[oss-security] 20230515 Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory

Mailing List, Third Party Advisory

[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230616-0002/

Mailing List, Third Party Advisory

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html

Patch, Third Party Advisory

[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update

Mailing List, Third Party Advisory
