May 10, 2023

Critical RCE Vulnerability in Linux Kernel

A novel Linux NetFilter kernel use-after-free vulnerability has been discovered, allows unprivileged local users to escalate their privileges to root level and perform code execution, and potentially total control over a machine.

The Vulnerability

• CVE-2023-32233 –  An use-after-free in Netfilter nf_tables when processing batch requests, allows remote attackers to execute arbitrary code (RCE) on Linux Kernel through version 6.3.1.

Affected Linux-Kernel Versions

• All Linux kernel versions, including the current stable version, v6.3.1.

Mitigation

Although a new version that fixes the vulnerability has not been released, A Linux kernel source code commit was submitted to address the problem, introducing two functions that manage the lifecycle of anonymous sets in the Netfilter nf_tables subsystem.

CYREBRO recommends to examine the commit and implement it if possible, and pay attention to the release of new versions of the Linux kernel and update immediately.

References: NIST