CVE-2023-31248

Published on: Not Yet Published

Last Modified on: 09/11/2023 07:15:00 PM UTC

CVE-2023-31248

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

CVE-2023-31248 has been assigned by secu[email protected] to track the vulnerability - currently rated as HIGH severity.
Affected Vendor/Software: Linux - Linux Kernel version = v5.9-rc1

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
Kernel Live Patch Security Notice LSN-0097-1 ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
[SECURITY] Fedora 38 Update: kernel-headers-6.4.4-200.fc38 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	MISC lists.fedoraproject.org/archives/list/[email protected]/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/
[SECURITY] Fedora 37 Update: kernel-tools-6.4.4-100.fc37 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	MISC lists.fedoraproject.org/archives/list/[email protected]/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/
Kernel Live Patch Security Notice LSN-0096-1 ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
oss-security - CVE-2023-31248 - Linux kernel nf_tables UAF when using nft_chain_lookup_byid	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/07/05/2
[PATCH] netfilter: nf_tables: do not ignore genmask when looking up chain by id	lore.kernel.org text/html	MISC lore.kernel.org/netfilter-devel/[email protected]/T/
[SECURITY] [DLA 3512-1] linux-5.10 security update	lists.debian.org text/html	MISC lists.debian.org/debian-lts-announce/2023/08/msg00001.html
Debian -- Security Information -- DSA-5453-1 linux	www.debian.org Depreciated Link text/html	MISC www.debian.org/security/2023/dsa-5453
oss-security - CVE-2023-31248 - Linux kernel nf_tables UAF when using nft_chain_lookup_byid	www.openwall.com text/html	MISC www.openwall.com/lists/oss-security/2023/07/05/2

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

199604 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6246-1)
199607 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6247-1)
199608 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6250-1)
199610 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6248-1)
199612 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6255-1)
199618 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6260-1)
199651 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6285-1)
284333 Fedora Security Update for kernel (FEDORA-2023-e4e985b5dd)
284334 Fedora Security Update for kernel (FEDORA-2023-3661f028b8)
355591 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-024
355616 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-037
355632 Amazon Linux Security Advisory for kernel : ALAS2023-2023-251
378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Linux	Linux Kernel	5.9.0	rc1	All	All

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@oss_security	CVE-2023-31248 - Linux kernel nf_tables UAF when using nft_chain_lookup_byid: Posted by Thadeu Lima de Souza Cascar… twitter.com/i/web/status/1…	2023-07-05 17:47:33
@CVEreport	CVE-2023-31248 : #Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_… twitter.com/i/web/status/1…	2023-07-05 19:05:04
@bienpnn	PoC for CVE-2023-31248. This was used to exploit Ubuntu Desktop at Pwn2Own Vancouver 2023. github.com/kungfulon/nf-t…	2023-07-06 03:27:58
@cracbot	CVE-2023-31248 (CVSS:7.8, HIGH) is Awaiting Analysis. Linux Kernel nftables Use-After-Free Local Privilege Escalati… twitter.com/i/web/status/1…	2023-07-06 06:00:12
@vuldb	We have just added an important vulnerability affecting Linux Kernel (CVE-2023-31248) vuldb.com/?id.233025	2023-07-06 18:30:03
@TheZDIBugs	[ZDI-23-899\|CVE-2023-31248] (Pwn2Own) Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability… twitter.com/i/web/status/1…	2023-07-07 16:10:47
@ksg93rd	#exploit 1. CVE-2023-31248: Linux Kernel nftables UAF LPE github.com/kungfulon/nf-t… 2. CVE-2023-30990: Unauthenticat… twitter.com/i/web/status/1…	2023-07-08 17:34:40