CVE-2023-32233 — HIGH (7.8)

Q: How severe is CVE-2023-32233?

CVE-2023-32233 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-32233?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Netapp Hci Baseboard Management Controller.

Vulnerability Description

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.13, < 4.14.315
Redhat	Enterprise Linux	7.0
Netapp	Hci Baseboard Management Controller	h300s

Related Weaknesses (CWE)

CWE-416

References

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/05/15/5Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2196105Issue TrackingMitigationThird Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592Mailing ListPatch
https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edaPatch
https://lists.debian.org/debian-lts-announce/2023/06/msg00008.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlMailing ListThird Party Advisory
https://news.ycombinator.com/item?id=35879660Issue Tracking
https://security.netapp.com/advisory/ntap-20230616-0002/Mailing ListThird Party Advisory
https://www.debian.org/security/2023/dsa-5402Mailing ListThird Party Advisory
https://www.openwall.com/lists/oss-security/2023/05/08/4Mailing ListPatchThird Party Advisory
http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2023/05/15/5Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2196105Issue TrackingMitigationThird Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592Mailing ListPatch

FAQ

What is CVE-2023-32233?

CVE-2023-32233 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged lo...

How severe is CVE-2023-32233?

CVE-2023-32233 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-32233?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Netapp Hci Baseboard Management Controller.