CVE-2023-32233

Public on 2023-05-08
Modified on 2024-01-09
Description
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Severity
Important severity
Important
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2023-05-25 ALAS-2023-1750 Fixed
Amazon Linux 2 - Core kernel 2023-05-25 ALAS2-2023-2050 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-05-25 ALAS2KERNEL-5.10-2023-033 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-05-25 ALAS2KERNEL-5.15-2023-020 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-05-25 ALAS2KERNEL-5.4-2023-046 Fixed
Amazon Linux 2023 kernel 2023-05-25 ALAS2023-2023-184 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.167-147.601 2023-05-25 ALAS2LIVEPATCH-2023-127 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.173-154.642 2023-05-25 ALAS2LIVEPATCH-2023-126 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.176-157.645 2023-05-25 ALAS2LIVEPATCH-2023-125 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.177-158.645 2023-05-25 ALAS2LIVEPATCH-2023-124 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.178-162.673 2023-05-25 ALAS2LIVEPATCH-2023-123 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.179-166.674 2023-05-25 ALAS2LIVEPATCH-2023-122 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.15-28.43 2023-05-25 ALAS2023LIVEPATCH-2023-009 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.19-30.43 2023-05-25 ALAS2023LIVEPATCH-2023-008 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.21-1.45 2023-05-25 ALAS2023LIVEPATCH-2023-007 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.23-36.46 2023-05-25 ALAS2023LIVEPATCH-2023-006 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.25-37.47 2023-05-25 ALAS2023LIVEPATCH-2023-005 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.27-43.48 2023-05-25 ALAS2023LIVEPATCH-2023-004 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H