Linux Kernel Netfilter Module Vulnerability (CVE-2023-32233)

Skip to first unread message

Fleury, Terry

May 18, 2023, 4:21:09 PM5/18/23

CI Operators:

A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel [1] which could allow for local user privilege escalation. The issue is tracked as CVE-2023-2478 [2] and has a CVSS v3 score of 7.8.



This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAP_NET_ADMIN capability could use this flaw to crash the system or potentially escalate their privileges. On Red Hat O/S variants, local unprivileged users can exploit unprivileged user namespaces (CONFIG_USER_NS) to grant themselves this capability.


Affected Software

Linux Kernel < v6.3.1



Update to the latest Linux kernel for your distribution when it becomes available, and then reboot. RHEL 7/8/9, Debian, and Ubuntu are affected [3,4,5]. Until then, there are two potential mitigations.

  1. Prevent the affected netfilter (nf_tables) kernel module from being loaded. However, this may disable your firewall.
  2. Disable user namespaces as follows:
      echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf
      sysctl -p /etc/sysctl.d/userns.conf

However, this approach is not recommended for containerized deployments, since such functionality is required.









How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us ( if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.

You are receiving this message because you are subscribed to The archive of previous alerts is publicly accessible. If you prefer not to receive future alerts, you can unsubscribe.

Fleury, Terry

May 18, 2023, 4:37:21 PM5/18/23

I apologize for the incorrect CVE number in the intro section. The issue is CVE-2023-32233 (not CVE-2023-2478). The links are correct.



Reply all
Reply to author
0 new messages