A vulnerability has been identified in NetFilter, a packet filtering and NAT (Network Address Translation) framework within the Linux kernel. This vulnerability can allow local users to escalate privileges to gain root level access, resulting in complete control over the vulnerable system. Multiple Linux kernel releases are affected by this flaw, including the most recent stable channel version, 6.3.1.
The vulnerability tracked as CVE-2023-32233 has not yet been assigned a severity rating or a CVSS base score. This use-after-free vulnerability occurs within the NetFilter nf_tables, which fail to reject invalid batch requests. When invalid configuration updates are accepted, the internal state can become corrupted. Attackers can exploit this by triggering specific invalid batch requests that lead to the corruption of the internal state of the subsystem that result in the elevation of the attackers’ privileges. The mishandling of anonymous sets due to this flaw result in local attackers being able to gain root level privileges, allowing them to perform read and write operations on the kernel memory.
A fix is available from the Linux kernel git repository that can be used to mitigate this flaw. This fix uses two functions that can properly manage the activation and deactivation of anonymous sets in the NetFilter nf_tables subsystem. This can prevent the use-after-free memory corruption that would otherwise allow the attackers to perform their exploit and elevate their privileges to root. Proof of concept (PoC) code for this exploit is set to be released next week, so it is important for users and administrators to fix this flaw as soon as possible to avoid falling victim to this form of attack. However, as this specific attack can only be performed by a local user, this is not likely to be a popular exploit for remote threat actors.