Security researchers have discovered a vulnerability in Linux Netfilter that could give attackers root privileges. More information will be released on May 15th.

The vulnerability has already been assigned a number (CVE-2023-32233) but has not yet received a score to express its severity in a number of ten. Netfilter is part of the Linux kernel that regulates network connections. The vulnerability is believed to stem from a bug in the framework that causes Netfilter to accept invalid updates to its configuration.

It allows attackers to craft invalid batch requests that can lead to system corruption, thereby giving the attackers free access to the Linux kernel. If successful, they can read and rewrite memory in the kernel, taking over an entire system. The vulnerability affects multiple kernel versions, including the latest stable version v6.3.1. Local access to a Linux device is required to exploit the vulnerability.

More information on May 15

No further information is known about the CVE-2023-32233 vulnerability. The Linux development team has only just been made aware of this, and it is common practice to delay public disclosure of the vulnerability to give developers a head start on attackers in creating a fix. On May 15, the researchers will publish their findings and a proof of concept.

A kernel contribution has already been submitted with two new functions for Netfilter to manage the life cycle of anonymous sets. Disabling anonymous sets in a timely manner should prevent Netfilter from accepting invalid updates and malicious individuals from entering the kernel. This should give impetus to the development of a patch.