In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
History
28 Sep 2023, 19:07
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp / Netapp hci Baseboard Management Controller | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5402 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html - Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/15/5 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230616-0002/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:* |
27 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Jun 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
16 Jun 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
15 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
First Time | Redhat enterprise Linux / Linux linux Kernel Linux Redhat | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.8 |
References | | |
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5402 - Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab - Patch | |
References | (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab - Mailing List, Patch | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/05/08/4 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://news.ycombinator.com/item?id=35879660 - Issue Tracking | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2196105 - Issue Tracking, Mitigation, Third Party Advisory |
14 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
09 May 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-08 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-32233
Mitre link : CVE-2023-32233
CVE.ORG link : CVE-2023-32233
Products Affected
netapp
- hci_baseboard_management_controller
redhat
- enterprise_linux
linux
- linux_kernel
CWE
CWE-416
Use After Free