Linux Kernel Netfilter Module Vulnerability (CVE-2023-32233)


Fleury, Terry

May 18, 2023, 4:21:09 PM
to cv-an...@trustedci.org

CI Operators:

A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel [1] which could allow for local user privilege escalation. The issue is tracked as CVE-2023-2478 [2] and has a CVSS v3 score of 7.8.

 

Impact:

This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAP_NET_ADMIN capability could use this flaw to crash the system or potentially escalate their privileges. On Red Hat O/S variants, local unprivileged users can exploit unprivileged user namespaces (CONFIG_USER_NS) to grant themselves this capability.

 

Affected Software

Linux Kernel < v6.3.1

 

Recommendation:

Update to the latest Linux kernel for your distribution when it becomes available, and then reboot. RHEL 7/8/9, Debian, and Ubuntu are affected [3,4,5]. Until then, there are two potential mitigations.

  1. Prevent the affected netfilter (nf_tables) kernel module from being loaded. However, this may disable your firewall.
  2. Disable user namespaces as follows:
      echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf
      sysctl -p /etc/sysctl.d/userns.conf

However, this approach is not recommended for containerized deployments, since such functionality is required.

 

References:

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2196105

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233

[3] https://access.redhat.com/security/cve/CVE-2023-32233

[4] https://security-tracker.debian.org/tracker/CVE-2023-32233

[5] https://ubuntu.com/security/CVE-2023-32233 

 

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
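A read-only host check for the version bound and the two mitigations listed in the alert above. This is an added example, not part of the original alert. The function names, status words and file-path arguments are assumptions made for illustration, and the sample inputs used to exercise it are constructed.

```sh
#!/bin/sh
# Added example: read-only checks for the advisory's version bound and mitigations.
# File-path arguments are assumptions; they default to the live /proc entries.

# True if the release is older than upstream 6.3.1 (the advisory's bound).
# Heuristic only: distribution kernels backport fixes under older version numbers.
kernel_older_than_fix() {
    rel=${1%%-*}                       # 5.14.0-284.el9 -> 5.14.0
    old_ifs=$IFS; IFS=.
    set -- $rel                        # split into major minor patch
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}   # drop suffixes such as "+"
    [ "$maj" -lt 6 ] && return 0
    [ "$maj" -gt 6 ] && return 1
    [ "${min:-0}" -lt 3 ] && return 0
    [ "${min:-0}" -gt 3 ] && return 1
    [ "${pat:-0}" -lt 1 ]
}

# True if nf_tables is currently loaded. "Not loaded" is only the current
# state: the module can still be loaded later unless loading is prevented.
nf_tables_loaded() {
    grep -q '^nf_tables ' "${1:-/proc/modules}" 2>/dev/null
}

# True if user.max_user_namespaces is 0. An unreadable file counts as
# "not confirmed". This closes only the unprivileged route to CAP_NET_ADMIN.
userns_disabled() {
    [ "$(cat "${1:-/proc/sys/user/max_user_namespaces}" 2>/dev/null)" = "0" ]
}

# Usage: assess KERNEL_RELEASE [MODULES_FILE] [USERNS_FILE]
# Prints one of: version-ok, userns-disabled, nf_tables-not-loaded, exposed
assess() {
    if ! kernel_older_than_fix "$1"; then echo "version-ok"
    elif userns_disabled "$3"; then echo "userns-disabled"
    elif ! nf_tables_loaded "$2"; then echo "nf_tables-not-loaded"
    else echo "exposed"
    fi
}

assess "$(uname -r)"
```

Treat "version-ok" and its opposite as a first pass only; the distribution trackers in references [3,4,5] are the authority on whether a given package carries the fix.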



Fleury, Terry

May 18, 2023, 4:37:21 PM
to cv-an...@trustedci.org

I apologize for the incorrect CVE number in the intro section. The issue is CVE-2023-32233 (not CVE-2023-2478). The links are correct.

 

-Terry
