Three vulnerabilities were detected in Linux


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or otherwise compromise the system.

A few days ago, information was released about three vulnerabilities in the Linux kernel that are considered highly important: although they have a CVSS score of 7.8, they allow an unprivileged user on the system to execute arbitrary code, and one of them has been present since Linux 3.13.

The vulnerabilities were detected several weeks ago, and their disclosure followed the grace period established so that developers could fix the bugs in the Linux kernel.

Of the three vulnerabilities, two affect the kernel in general, while the third is reported against Ubuntu (although it may also affect other distributions).

Local privilege escalation vulnerability (use-after-free)

The first of the vulnerabilities is CVE-2023-31248, a flaw in the Netfilter subsystem that allows a local user to execute their code at the kernel level.

The problem is a use-after-free in the nf_tables module, which implements the nftables packet filter: the chain state is not properly checked when the nft_chain_lookup_byid function processes a chain lookup, so the function can return a reference to an nf_tables chain that has already been deleted.

For the attack to succeed, access to nftables is required, which can be obtained with CAP_NET_ADMIN rights in any user namespace or network namespace; such rights can be granted, for example, in isolated containers.

The vulnerability has been present since kernel 5.9 (the code that introduced it was not backported to earlier LTS kernel branches), and the fix is currently only available as a patch. As a workaround, the affected code can be prevented from loading by blacklisting the netfilter kernel module.

Bad-pointer privilege escalation vulnerability in nftables

The second vulnerability is CVE-2023-35001, a flaw in the nf_tables module that allows a local user to execute their code at the kernel level. It is caused by incorrect pointer handling when processing nft_byteorder expressions, which can result in access to memory beyond the end of an array.

Exploitation requires CAP_NET_ADMIN rights, and an attacker can use the vulnerability to escalate privileges and execute arbitrary code in the kernel context.

It is also noted that the underlying verification flaw allows a local attacker with CAP_NET_ADMIN access to escalate privileges locally due to incorrect data alignment.

The problem has existed since kernel 3.13 and has so far only been fixed in the form of a patch.

Privilege escalation vulnerability in Ubuntu

The last of the vulnerabilities is CVE-2023-1829, a flaw in the tcindex traffic classifier, which is part of the QoS (Quality of Service) subsystem of the Linux kernel.

The vulnerability allows an unprivileged local user to execute code with kernel privileges.

The ability to exploit the vulnerability has been demonstrated on Ubuntu. The problem is caused by a missing check for the existence of an object before the memory associated with it is cleared, leading to a double call to the free() function.

The issue was resolved by removing the tcindex kernel module, starting with the 6.3 branch and in the kernels shipped with Ubuntu and Debian.

Finally, the vulnerability was fixed in April; as an additional safeguard, automatic loading of the cls_tcindex module can be disabled by creating the file /etc/modprobe.d/blacklist-tcindex.conf with the line "blacklist cls_tcindex".
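As an added example that is not part of the article, the following POSIX shell helper checks a kernel version against the version ranges the article gives for the three CVEs, reports whether the nf_tables or cls_tcindex modules are loaded, and emits the modprobe blacklist line described above. The function names, the constructed /proc/modules excerpt and the "major.minor" version handling are assumptions made here.

```shell
#!/bin/sh
# Added example (not code from the article): a read-only audit helper for the
# three CVEs and the modprobe blacklist workaround the article describes.
# Assumes versions start with "major.minor" and module lists are in /proc/modules format.

# minor_of VERSION: print the numeric minor component ("5.15.0-76" -> 15).
minor_of() {
    case $1 in
        *.*) v=${1#*.}; printf '%s' "${v%%[!0-9]*}" ;;
        *)   printf 0 ;;
    esac
}

# kver_ge A B: succeed when version A is >= version B (major.minor only).
kver_ge() {
    [ "${1%%.*}" -gt "${2%%.*}" ] || {
        [ "${1%%.*}" -eq "${2%%.*}" ] && [ "$(minor_of "$1")" -ge "$(minor_of "$2")" ]
    }
}

# cve_scope VERSION: print the CVEs whose affected range (per the article)
# contains VERSION. A range check only: a patched kernel inside the range is
# not affected, so confirm fix status against the distribution's advisory.
cve_scope() {
    out=""
    kver_ge "$1" 5.9  && out="$out CVE-2023-31248"   # nf_tables chain lookup UAF, code since 5.9
    kver_ge "$1" 3.13 && out="$out CVE-2023-35001"   # nft_byteorder out-of-bounds, since 3.13
    kver_ge "$1" 6.3  || out="$out CVE-2023-1829"    # tcindex double free; module removed in 6.3
    printf '%s\n' "${out# }"
}

# list_risky_modules: read /proc/modules-format text on stdin and print the
# modules the article's workarounds target, if they are loaded.
list_risky_modules() {
    awk '$1 == "nf_tables" || $1 == "cls_tcindex" { print $1 }'
}

# blacklist_conf MODULE: print the modprobe.d line from the article. Note that
# "blacklist" only stops alias-based autoloading; an explicit modprobe still
# works, and an already-loaded module stays loaded until unloaded or reboot.
blacklist_conf() {
    printf 'blacklist %s\n' "$1"
}

# Constructed /proc/modules excerpt (not captured from a real host) for a dry run.
SAMPLE_MODULES='nf_tables 258048 0 - Live 0xffffffffc0a00000
cls_tcindex 16384 0 - Live 0xffffffffc09f0000
ext4 966656 1 - Live 0xffffffffc0900000'
printf 'kernel 5.15.0 in range for: %s\n' "$(cve_scope 5.15.0)"
printf '%s\n' "$SAMPLE_MODULES" | list_risky_modules
```

On a real host, feed `uname -r` to cve_scope and /proc/modules to list_risky_modules; neither requires root.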

