CVE-2023-3390: Use-after-free in Linux kernel's netfilter subsystem
A flaw in the Linux Kernel found in the Netfilter nf_tables (net/netfilter/nf_tables_api.c). It can lead to use after free vulnerability in nftables when handling sets that are both named and anonymous in batch requests. Nftables allows creating a named set that can be also marked as anonymous by setting the NFT_SET_ANONYMOUS flag. When a rule referencing this malformed set is destroyed, the set gets destroyed as well, as the set is marked anonymous. It is possible to get nftables to destroy the rule, by mangling certain bytes within the rule's bytecode. As this is a named set, the set can be referenced in a different rule at which point it triggers a use after free. The caveat is that all of this needs to be performed in a batch transaction. This is because the reference of any set created in a batch transaction remains in the transactions list even after the set is destroyed. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97
Affected Software
Remediation
Mitigation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-3390?
CVE-2023-3390 has a medium severity rating, indicating a significant impact on affected systems.
How do I fix CVE-2023-3390?
To fix CVE-2023-3390, update your Linux Kernel to the latest versions specified in your distribution's release notes.
Which systems are affected by CVE-2023-3390?
CVE-2023-3390 affects various versions of the Linux Kernel, specifically those ranging from 3.16 to 6.4.
What type of vulnerability is CVE-2023-3390?
CVE-2023-3390 is a use-after-free vulnerability specifically occurring in the Netfilter nf_tables implementation.
Can CVE-2023-3390 lead to remote code execution?
Yes, CVE-2023-3390 could potentially allow an attacker to execute arbitrary code on affected systems.