QwikSec

Security Database

CVE

CWE

Training

CVE-2023-6040

Published: Jan 12, 2024

Modified: Jun 17, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

Vendor	Product	Versions
The Linux Kernel Organization	linux	affected `0 - < 5.18-rc1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040

issue-tracking

https://www.openwall.com/lists/oss-security/2024/01/12/1

mailing-list

http://www.openwall.com/lists/oss-security/2024/01/12/1

http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.