CVE-2023-32233: Use After Free in Kernel

CWE-416: Use After Free | 35 documents | 11 sources
Severity
NVD: 7.8 HIGH
OSV: 7.1, 6.6, 5.5, 4.7
EPSS
0.7% (top 28.49%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 8
Latest update: Jul 27

Description

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel, 3.13 to 4.14.315 (+7 more)
Debian: linux/linux_kernel < 5.10.179-1 (+3 more)
Ubuntu: linux/linux_kernel < 4.15.0-212.223 (+1 more)

Also affects: Enterprise Linux 7.0, 8.0, 9.0

Patches

Vulnerability Details (15)

OSV: linux-intel-iotg-5.15 vulnerabilities (2023-06-14)
OSV: linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities (2023-06-08)
OSV: linux-intel-iotg, linux-raspi vulnerabilities (2023-06-08)
OSV: linux-azure-fde, linux-azure-fde-5.15 vulnerabilities (2023-06-02)
OSV: linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities (2023-06-01)

Vendor Advisories (18)

Ubuntu: Linux kernel (IoT) vulnerabilities (2023-07-27)
Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities (2023-07-12)
Ubuntu: Linux kernel vulnerabilities (2023-06-22)
Ubuntu: Kernel Live Patch Security Notice (2023-06-21)
Chrome: Long Term Support Channel Update for ChromeOS: CVE-2023-32233 (2023-06-21)

Community (1)

Bugzilla: CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (2023-05-08)
CVE-2023-32233 — Use After Free in Linux Kernel | cvebase