QwikSec

Security Database

CVE

CWE

Training

CVE-2023-32233

Published: May 8, 2023

Modified: May 5, 2025

PUBLISHED

Description

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2023/05/08/4

https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab

https://news.ycombinator.com/item?id=35879660

https://bugzilla.redhat.com/show_bug.cgi?id=2196105

vendor-advisory

[oss-security] 20230515 Re: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory

mailing-list

[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update

mailing-list

https://security.netapp.com/advisory/ntap-20230616-0002/

http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html

[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.