CVE-2023-6040

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to achieve out-of-bounds memory access by creating netfilter tables with invalid protocol family values. It affects Linux systems using nf_tables with vulnerable kernel versions. Successful exploitation could lead to kernel memory corruption and potential privilege escalation.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions before the fix commit f1082dd31fe4
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CAP_NET_ADMIN capability or root access to create nf_tables tables

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic, system crash, or privilege escalation to root via kernel memory corruption

🟠 Likely Case: Kernel crash leading to denial of service, potential information disclosure from kernel memory

🟢 If Mitigated: No impact if patched or workarounds applied; unprivileged users cannot exploit by default

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system
🏢 Internal Only: MEDIUM - Local attackers or compromised accounts could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and CAP_NET_ADMIN privileges; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit f1082dd31fe4

Vendor Advisory: http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commit f1082dd31fe4
2. Apply kernel live patches if available from distribution vendor
3. Reboot system to load patched kernel

🔧 Temporary Workarounds

Restrict CAP_NET_ADMIN

Limit the CAP_NET_ADMIN capability to trusted users only. Note that a user who can create unprivileged user namespaces obtains CAP_NET_ADMIN over a network namespace they own, which is enough to reach the nf_tables netlink interface; on hosts that enable unprivileged user namespaces, restricting them (for example with the sysctl user.max_user_namespaces=0) is part of this workaround.

# Review and restrict binaries carrying file capabilities (include CAP_NET_ADMIN)
# Check: getcap -r / 2>/dev/null
# Remove: setcap -r /path/to/binary

Disable nf_tables module

Prevent the vulnerable nf_tables module from loading. This also disables any nftables-based firewall on the host, including the iptables-nft backend, so apply it only where no firewall rules depend on nf_tables.

echo 'install nf_tables /bin/false' >> /etc/modprobe.d/disable-nf_tables.conf
# rmmod refuses to unload nf_tables while dependent nft_* modules are loaded;
# unload those first (or reboot after writing the modprobe rule above)
rmmod nf_tables

🧯 If You Can't Patch

  • Restrict user access and capabilities to prevent exploitation
  • Implement strict network filtering and monitoring for suspicious nf_tables activity

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and, from a checkout of the kernel source, whether commit f1082dd31fe4 is present: uname -r && git log --oneline | grep f1082dd31fe4 (the git check only works inside a kernel source tree; on a running system, compare the uname -r output against your distribution's advisory for this CVE, since distributions backport the fix without changing the upstream version string)

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and commit f1082dd31fe4 is present in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crash/panic logs
  • Failed nf_tables operations in kernel logs

Network Indicators:

  • Unusual nf_tables table creation attempts

SIEM Query:

source="kernel" AND ("nf_tables" OR "netfilter") AND ("invalid" OR "out of bounds" OR "panic")
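The query above can be tested offline before it is loaded into a SIEM. The following shell script is an added example, not part of the advisory: it applies the same AND/OR filter to kernel log lines using grep, and runs it over a handful of constructed sample lines (hypothetical, not real kernel output) so the match count can be checked. It also makes the matching case-insensitive, which most SIEMs do by default.

```shell
#!/bin/sh
# Added example: offline check of the advisory's SIEM filter against kernel log lines.
# The sample lines below are constructed for demonstration and are not real logs.

# Returns 0 when a single log line satisfies the advisory's query:
#   ("nf_tables" OR "netfilter") AND ("invalid" OR "out of bounds" OR "panic")
nft_line_matches() {
    printf '%s\n' "$1" | grep -qiE 'nf_tables|netfilter' || return 1
    printf '%s\n' "$1" | grep -qiE 'invalid|out of bounds|panic'
}

# Reads log lines on stdin and prints how many match the query.
nft_count_matches() {
    n=0
    while IFS= read -r line; do
        if nft_line_matches "$line"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample input: three lines should match, two should not.
# Line 2 is a plain oops mentioning nf_tables without any of the second-group
# keywords, which the advisory's query does not catch.
NFT_SAMPLE_LOGS='kernel: nf_tables: table creation rejected: invalid family
kernel: BUG: unable to handle page fault ... nf_tables_newtable
kernel: netfilter: nf_tables: out of bounds access in nft family lookup
kernel: eth0: link is up
kernel: Kernel panic - not syncing: Fatal exception in netfilter'

# Runs the filter over the sample lines and prints the count (expected: 3).
nft_demo() {
    printf '%s\n' "$NFT_SAMPLE_LOGS" | nft_count_matches
}

# Usage on a live host: journalctl -k | nft_count_matches
```

Note that the second sample line, an oops whose only hint is the nf_tables symbol in the trace, is not matched: the second keyword group drops it. Where log volume allows, alert on "nf_tables" or "netfilter" alone and triage the extra noise, rather than relying on the keyword conjunction.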
