CVE-2023-32233

7.8 HIGH

📋 TL;DR

CVE-2023-32233 is a use-after-free vulnerability in the Linux kernel's Netfilter nf_tables subsystem that allows unprivileged local users to perform arbitrary read/write operations on kernel memory, leading to privilege escalation to root. This affects Linux kernel versions through 6.3.1. The vulnerability occurs due to mishandling of anonymous sets during batch request processing.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: through 6.3.1
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires nf_tables subsystem to be enabled (common in modern Linux distributions). Systems with CONFIG_NF_TABLES enabled are vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root privileges, allowing attackers to install persistent malware, exfiltrate sensitive data, or disrupt system operations.

🟠 Likely Case: Local privilege escalation where an attacker with user-level access gains root privileges on the affected system.

🟢 If Mitigated: Limited impact if proper access controls restrict local user accounts and kernel hardening measures are implemented.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any internal user with shell access can potentially exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit code has been publicly released and weaponized. Requires local access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.3.2 and later, or backported patches for older kernels

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2196105

Restart Required: Yes

Instructions:

1. Update the kernel to version 6.3.2 or later.
2. For enterprise distributions, apply the vendor-provided security updates.
3. Reboot the system after patching.

🔧 Temporary Workarounds

Disable nf_tables module (platform: linux)

Temporarily disable the vulnerable nf_tables subsystem if it is not required:

  # Fails with "Module nf_tables is in use" while nft_* modules or a loaded ruleset still depend on it
  modprobe -r nf_tables
  # Prevents alias-based autoloading on later boots; has no effect on a kernel with CONFIG_NF_TABLES built in (=y)
  echo 'blacklist nf_tables' >> /etc/modprobe.d/blacklist.conf

Restrict user access (platform: all)

Limit local user access to systems until patched.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Deploy kernel hardening solutions like SELinux/AppArmor with strict policies

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r; if it is 6.3.1 or earlier, the system may be vulnerable. Check whether nf_tables is loaded with lsmod | grep nf_tables.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 6.3.2 or later: uname -r. Check that security updates have been applied via package manager.
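The two checks above (kernel version through 6.3.1, nf_tables present), combined into one POSIX shell script as an added example that is not part of this advisory. It compares version components numerically rather than as strings, so 6.10.x is not mistaken for an affected release, and it also looks at the kernel config because a built-in nf_tables (CONFIG_NF_TABLES=y) never appears in lsmod. The lsmod listings embedded for testing are constructed. A version in the affected range is a screening result only: vendor kernels with a backported fix keep the older version string, so the package manager or vendor advisory gives the definitive answer.

```shell
#!/bin/sh
# Added example, not part of the advisory: screen a kernel for CVE-2023-32233
# exposure using the checks the advisory describes (version <= 6.3.1 and
# nf_tables present as a module or built in). The lsmod samples are constructed.

# Return 0 if a uname -r string ($1, e.g. "6.3.1-arch1-1") is 6.3.1 or older.
kernel_in_affected_range() {
    ver=${1%%-*}                  # drop the distro suffix: 6.3.1-arch1-1 -> 6.3.1
    ver=${ver%%+*}                # drop "+" build suffixes
    # Split on dots; positional parameters set here are local to the function.
    IFS=. ; set -- $ver ; unset IFS
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}   # "6.3" means 6.3.0
    patch=${patch%%[!0-9]*}; patch=${patch:-0}    # keep only the leading digits
    # Compare against 6.3.1 component by component.
    [ "$major" -lt 6 ] && return 0
    [ "$major" -gt 6 ] && return 1
    [ "$minor" -lt 3 ] && return 0
    [ "$minor" -gt 3 ] && return 1
    [ "$patch" -le 1 ]
}

# Return 0 if an lsmod listing passed as text ($1) shows nf_tables loaded.
# Exact match on the first column, so nft_* helper modules do not count.
nf_tables_in_lsmod() {
    printf '%s\n' "$1" | awk '$1 == "nf_tables" { found = 1 } END { exit !found }'
}

# Return 0 if a kernel config text ($1) enables nf_tables built in (=y) or as a module (=m).
nf_tables_in_config() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_NF_TABLES=(y|m)$'
}

# Constructed sample listings used to exercise the check offline.
SAMPLE_LSMOD_LOADED='Module                  Size  Used by
nft_chain_nat          16384  2
nf_tables             278528  50 nft_chain_nat
nf_nat                 57344  1 nft_chain_nat'

SAMPLE_LSMOD_CLEAN='Module                  Size  Used by
ext4                  917504  1
crc32c_generic         16384  0'

# Run the checks against the running system and print a short report.
report_running_kernel() {
    running=$(uname -r)
    if kernel_in_affected_range "$running"; then
        echo "kernel $running: version in the affected range (through 6.3.1); confirm with your package manager"
    else
        echo "kernel $running: version outside the affected range"
    fi
    if nf_tables_in_lsmod "$(lsmod 2>/dev/null)"; then
        echo "nf_tables: loaded as a module"
    else
        echo "nf_tables: not in lsmod (may be built in or loadable on demand)"
    fi
    config=$( { zcat /proc/config.gz || cat "/boot/config-$running"; } 2>/dev/null )
    if [ -n "$config" ] && nf_tables_in_config "$config"; then
        echo "kernel config: CONFIG_NF_TABLES enabled"
    elif [ -n "$config" ]; then
        echo "kernel config: CONFIG_NF_TABLES not set"
    else
        echo "kernel config: not available (no /proc/config.gz or /boot/config-*)"
    fi
}

report_running_kernel
```

Run it as an unprivileged user; none of the checks need root. Treat "version in the affected range" plus "CONFIG_NF_TABLES enabled" as a prompt to check the vendor's package changelog, not as proof of exposure.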

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to nf_tables
  • Unexpected privilege escalation events
  • Failed module loading attempts for nf_tables

Network Indicators:

  • Local privilege escalation is not network-visible

SIEM Query:

(source="kernel" AND ("nf_tables" OR "use-after-free")) OR event_type="privilege_escalation"
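A filter that implements the first log indicator above (kernel oops messages related to nf_tables), as an added shell example that is not part of this advisory. A crash report spans several kernel log lines, and the nf_tables module name usually appears in the stack frames rather than on the BUG/Oops line itself, so the filter opens a window of lines after each crash marker and reports nf_tables or nft_ references inside that window. The kernel log lines, the function names in them and the window size of 20 lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory: flag kernel log lines that match the
# advisory's "kernel oops messages related to nf_tables" indicator. Input is
# kernel log text, e.g. from dmesg or journalctl -k. Sample lines are constructed.

# Print nf_tables-related lines that appear within WINDOW lines after a crash
# marker (BUG:, Oops, KASAN, general protection fault). Return 0 if any matched.
nf_tables_oops_lines() {
    printf '%s\n' "$1" | awk -v win=20 '
        /BUG:|Oops|KASAN|general protection fault/ { left = win }
        left > 0 && /nf_tables|nft_/ { print; n++ }
        left > 0 { left-- }
        END { exit n ? 0 : 1 }'
}

# Number of indicator lines, for a threshold-style alert.
nf_tables_oops_count() {
    nf_tables_oops_lines "$1" | wc -l | tr -d ' '
}

# Constructed sample: one crash report with two nf_tables frames, surrounded by noise.
SAMPLE_KLOG='[   12.345678] e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex
[  980.112233] BUG: KASAN: use-after-free in example_function+0x1a/0x40
[  980.112240] Read of size 8 at addr ffff888012345678 by task example/1234
[  980.112250] Call Trace:
[  980.112255]  nft_example_fn+0x1a/0x40 [nf_tables]
[  980.112260]  nf_tables_example+0x2b/0x60 [nf_tables]
[ 1200.000000] systemd[1]: Started Session 3 of user alice.'

# Constructed sample: nf_tables activity without any crash marker is not an indicator.
SAMPLE_BENIGN='[   50.000000] nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>
[   51.000000] nft_compat: module loaded'

# Constructed sample: a crash report unrelated to nf_tables is not an indicator either.
SAMPLE_OTHER_OOPS='[  300.000000] BUG: unable to handle page fault for address: 0000000000000000
[  300.000010] Call Trace:
[  300.000020]  example_driver_irq+0x10/0x20 [example_driver]'

# Scan the live kernel log when run directly; dmesg may need privileges on hardened hosts.
if klog=$(dmesg 2>/dev/null); then
    if nf_tables_oops_lines "$klog"; then
        echo "ALERT: nf_tables referenced in a kernel crash report (see lines above)"
    else
        echo "no nf_tables crash indicators in the current kernel log"
    fi
fi
```

The same awk body can be fed from journalctl -k --no-pager on systemd hosts, and the window size should be raised if your logs interleave output from several CPUs between the marker and the stack frames.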
