History: May 08, 2023 - 8:15 p.m.

CVE-2023-32233

2023-05-08 20:15:20
CWE-416
mitre
web.nvd.nist.gov
Tags: linux, kernel, vulnerability, netfilter, nf_tables, cve-2023-32233, security, nvd

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5
Confidence: High

EPSS: 0
Percentile: 5.1%

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

Affected configurations

Nvd

Node
linux | linux_kernel | Range 3.13 to 4.14.315
OR
linux | linux_kernel | Range 4.15 to 4.19.283
OR
linux | linux_kernel | Range 4.20 to 5.4.243
OR
linux | linux_kernel | Range 5.5 to 5.10.180
OR
linux | linux_kernel | Range 5.11 to 5.15.111
OR
linux | linux_kernel | Range 5.16 to 6.1.28
OR
linux | linux_kernel | Range 6.2 to 6.2.15
OR
linux | linux_kernel | Range 6.3 to 6.3.2

Node
redhat | enterprise_linux | Match 7.0
OR
redhat | enterprise_linux | Match 8.0
OR
redhat | enterprise_linux | Match 9.0

Node
netapp | hci_baseboard_management_controller | Match h300s
OR
netapp | hci_baseboard_management_controller | Match h410c
OR
netapp | hci_baseboard_management_controller | Match h410s
OR
netapp | hci_baseboard_management_controller | Match h500s
OR
netapp | hci_baseboard_management_controller | Match h700s

Vendor | Product | Version | CPE
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
netapp | hci_baseboard_management_controller | h300s | cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*
netapp | hci_baseboard_management_controller | h410c | cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*
netapp | hci_baseboard_management_controller | h410s | cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*
netapp | hci_baseboard_management_controller | h500s | cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*
netapp | hci_baseboard_management_controller | h700s | cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*
