Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

New Linux kernel flaw allows privileges

May 10, 2023
Reading Time: 2 mins read
in Alerts
New Linux kernel flaw allows privileges

 

A newly discovered vulnerability in the Linux NetFilter kernel allows unprivileged local users to gain root-level privileges, giving them complete control over a system. The CVE-2023-32233 identifier has been reserved for the vulnerability, and a severity level has yet to be determined.

Netfilter nf_tables is a packet filtering and network address translation framework that is built into the Linux kernel and managed through front-end utilities like IPtables and UFW.

The vulnerability occurs due to Netfilter nf_tables accepting invalid updates to its configuration, leading to the corruption of the subsystem’s internal state. This can then cause a use-after-free vulnerability that can be exploited to perform arbitrary reads and writes in the kernel memory.

Security researchers have created a proof-of-concept (PoC) exploit to demonstrate the exploitation of CVE-2023-32233, and it will be published along with complete details about the exploitation techniques on Monday, May 15th, 2023.

The researchers who discovered the problem and reported it to the Linux kernel team have developed a PoC that allows unprivileged local users to start a root shell on impacted systems. The exploit will be published to comply with the linux-distros list policy, which requires the exploit to be published within 7 days from the advisory.

To exploit the vulnerability, the attacker first requires local access to a Linux device.

A Linux kernel source code commit was submitted to address the problem by engineer Pablo Neira Ayuso, introducing two functions that manage the lifecycle of anonymous sets in the Netfilter nf_tables subsystem. The fix prevents memory corruption and the possibility of attackers exploiting the use-after-free issue to escalate their privileges to root level by properly managing the activation and deactivation of anonymous sets and preventing further updates.

While gaining root-level privileges on Linux servers is a valuable tool for threat actors, a mitigating factor for CVE-2023-32233 is that remote attackers first must establish local access to a target system to exploit it.

Reference:
  • [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
Tags: Cyber AlertCyber Alerts 2023LinuxMalwareMay 2023NetFilterProof-of-concept (PoC)Vulnerability
ADVERTISEMENT

Related Posts

Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025
Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025

Latest Alerts

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

Subscribe to our newsletter

    Latest Incidents

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    Norwegian Municipalities Hit by Data Breach

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial