CVE-2023-3390

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's netfilter subsystem allows local attackers with user access to escalate privileges. The flaw occurs when error handling mishandles NFT_MSG_NEWRULE operations, enabling exploitation of dangling pointers. This affects Linux systems with vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific vulnerable versions are not explicitly stated; kernels that do not include commit 1240eb93f0616b21c675416516ff3d74798fdc97 are affected
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires netfilter subsystem and nf_tables functionality. Most standard Linux installations include this.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root privilege escalation leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access on affected systems.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and kernel hardening is implemented.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: HIGH - Any local user account can potentially exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access and knowledge of kernel exploitation techniques. No public exploit code referenced in provided information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions including commit 1240eb93f0616b21c675416516ff3d74798fdc97

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing commit 1240eb93f0616b21c675416516ff3d74798fdc97
2. Check distribution-specific security advisories for patched kernel packages
3. Reboot system after kernel update

🔧 Temporary Workarounds

Restrict nf_tables module loading

linux

Prevent loading of vulnerable nf_tables module if not required

echo 'install nf_tables /bin/false' >> /etc/modprobe.d/disable-nf_tables.conf
rmmod nf_tables

Kernel module blacklisting

linux

Blacklist nf_tables module at boot

echo 'blacklist nf_tables' >> /etc/modprobe.d/blacklist.conf
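
To check which of the two workarounds above is actually in effect, the following added example (not part of the original advisory; the function names and status words are hypothetical) classifies a modprobe.d directory, a /proc/modules listing and a modules.builtin file. It separates a `blacklist` line, which modprobe does not apply when the module is requested by name, from an `install` override, and flags a built-in or already-loaded nf_tables, where neither config line helps.

```shell
#!/bin/sh
# Added example, not from the advisory: report how effective the nf_tables
# module-loading workaround is. Function names and status words are hypothetical.

# nft_block_state DIR -> prints install-override, blacklist-only or none
nft_block_state() {
    dir=$1; state=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # An install line pointing at /bin/false (or true) replaces the load
        # itself, so explicit "modprobe nf_tables" is stopped as well.
        if grep -Eq '^[[:space:]]*install[[:space:]]+nf[_-]tables[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' "$f"; then
            state=install-override; break
        fi
        # A blacklist line only stops alias-based autoloading.
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+nf[_-]tables([[:space:]]|$)' "$f"; then
            state=blacklist-only
        fi
    done
    printf '%s\n' "$state"
}

# nft_workaround_status CONF_DIR PROC_MODULES MODULES_BUILTIN
# -> prints builtin, loaded, blocked, weak or open
nft_workaround_status() {
    conf_dir=$1 proc_modules=$2 builtin=$3
    # Built into the kernel image: modprobe.d configuration cannot affect it.
    if grep -Eq '/nf_tables\.ko$' "$builtin" 2>/dev/null; then
        echo builtin; return
    fi
    # Already loaded: the config only applies after rmmod or a reboot.
    if grep -Eq '^nf_tables[[:space:]]' "$proc_modules" 2>/dev/null; then
        echo loaded; return
    fi
    case $(nft_block_state "$conf_dir") in
        install-override) echo blocked ;;
        blacklist-only)   echo weak ;;
        *)                echo open ;;
    esac
}

# Constructed sample: the advisory's two config lines in a scratch directory.
demo=$(mktemp -d)
: > "$demo/modules"; : > "$demo/builtin"
echo 'blacklist nf_tables' > "$demo/blacklist.conf"
nft_workaround_status "$demo" "$demo/modules" "$demo/builtin"   # weak
echo 'install nf_tables /bin/false' > "$demo/disable-nf_tables.conf"
nft_workaround_status "$demo" "$demo/modules" "$demo/builtin"   # blocked
rm -rf "$demo"
```

On a live host the three arguments would be /etc/modprobe.d, /proc/modules and /lib/modules/$(uname -r)/modules.builtin.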

🧯 If You Can't Patch

  • Restrict local user access and implement strict privilege separation
  • Implement kernel hardening measures like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if commit 1240eb93f0616b21c675416516ff3d74798fdc97 is present in kernel source

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel source tree includes the fix commit: git log --format=%H | grep 1240eb93f0616b21c675416516ff3d74798fdc97

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer activity related to netfilter
  • Unusual privilege escalation attempts

Network Indicators:

  • None - local exploit only

SIEM Query:

Process creation events showing unexpected privilege escalation from user to root
