Home > Vulnerability Database > CVE-2023-32233

Mend.io Vulnerability Database

CVE-2023-32233

Date: May 7, 2023

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

Language: C

Severity Score

7.8

Related Resources (14)

Url: https://access.redhat.com/security/cve/CVE-2023-32233

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32233

Url: https://www.debian.org/security/2023/dsa-5402

Url: http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2196105

Url: https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab

Url: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab

Url: https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

Url: https://www.openwall.com/lists/oss-security/2023/05/08/4

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html

Url: http://www.openwall.com/lists/oss-security/2023/05/15/5

Url: https://security.netapp.com/advisory/ntap-20230616-0002/

Url: https://news.ycombinator.com/item?id=35879660

Url: https://www.mend.io/vulnerability-database/CVE-2023-32233

Severity Score

7.8

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32233

Date: May 7, 2023

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?