Critical Linux Kernel Flaw – Unprivileged Users Gain Root Control
Linux Flaw Grants Root Control – Local Users Exploit Privilege Escalation Vulnerability
A critical flaw has been discovered in the Netfilter subsystem of the Linux kernel. The vulnerability enables unprivileged local users to escalate their privileges to root, granting them complete control over the system. The flaw, identified as CVE-2023-32233, is yet to be assigned a severity level. The security issue arises because Netfilter nf_tables accepts invalid updates to its configuration, which in specific scenarios corrupts the subsystem's internal state.
Netfilter is a packet filtering and network address translation (NAT) framework integrated into the Linux kernel, managed through front-end utilities such as iptables and UFW. A recent advisory notes that corrupting the internal state triggers a use-after-free condition, allowing arbitrary reads and writes in kernel memory.
Security researchers shared a proof-of-concept (PoC) exploit on the Openwall mailing list, demonstrating the exploitation of CVE-2023-32233. The impact of this vulnerability extends to multiple Linux kernel releases, including the current stable version 6.3.1. However, local access to a Linux device is required to exploit the flaw.
Linux Kernel Patch Addresses Critical Flaw as Researchers Prepare to Release Privilege Escalation Exploit
In response to the issue, engineer Pablo Neira Ayuso submitted a Linux kernel source code commit to address the problem. This commit introduces two functions that manage the lifecycle of anonymous sets in the Netfilter nf_tables subsystem. By appropriately managing the activation and deactivation of anonymous sets and preventing further updates, the fix prevents memory corruption and the possibility of attackers leveraging the use-after-free issue to escalate privileges to root level.
Security researchers Patryk Sondej and Piotr Krysiuk, who discovered the flaw, reported it to the Linux kernel team and developed a PoC exploit that allows unprivileged local users to initiate a root shell on affected systems. The researchers shared the exploit privately with the Linux kernel team, aiding in the development of a fix and providing a detailed description of the employed exploitation techniques and the PoC’s source code.
The researchers plan to make the exploit public on Monday, May 15th, 2023, along with comprehensive details about the exploitation techniques. Following the linux-distros list policy, the exploit must be published within seven days from the advisory. This forthcoming publication aims to increase awareness and facilitate timely remediation efforts.
Linux Kernel Vulnerability Highlights the Value of Root-Level Privileges for Threat Actors
While exploiting CVE-2023-32233 requires an attacker to first obtain local access to the target system, the flaw is significant because root-level privileges on Linux servers are a coveted asset for threat actors. These actors often monitor platforms like Openwall for new security information to use in their attacks.
Source: bleepingcomputer.com