New Vulnerable Linux Netfilter Element Discovered by Safety Researchers
Safety researchers have recently discovered a new vulnerable Linux Netfilter nucleus element that allows local users without privileges to increase their rights to the ROOT level and receive full control over the system. The vulnerability is monitored by the identifier cve-2023-32233 and is associated with the fact that Netfilter NF_TABLES accepts invalid updates of its configuration, which can be used to violate the internal state of the subsystem using incorrect requests.
Netfilter is a framework built into the Linux nucleus that filters packages and broadcasts network addresses (NAT), which is controlled through utilities such as IPTables and UFW. The violation of the internal state of systems leads to vulnerabilities of the USE-AFTER-FREE type, as reported in a recent publication by Openwall. This type of vulnerability can be used to perform arbitrary readings and notes in the nucleus.
According to the report, vulnerability affects several versions of the Linux nucleus, including the current stable version V6.3.1. However, local access to the Linux device is required for vulnerability exploitation. Security researchers Patrick Sondey and Peter Krysyuk also managed to create PoC exploits that are usually classified according to the type of vulnerability that they use, whether they are local or remote, and the result of the start of exploit, such as EOP, DOS, or Spulping. One of the schemes offering explosion of zero day is Exploit-A-A-Service.
This new vulnerability is of significant concern as it can allow unauthorized users to acquire control over the system. Linux users are advised to take the necessary precautions to protect their devices against these types of vulnerabilities.