Linux Kernel Vulnerabilities Grant Local Attackers Root Privileges

Linux Kernel Vulnerabilities Grant Local Attackers Root Privileges
3 min read

Two components of the Linux kernel contain security vulnerabilities that grant local attackers root shell access. A first exploit has been made public.

Two components of the Linux kernel are affected by security vulnerabilities that allow local attackers to elevate their privileges. A Use-After-Free vulnerability in the nf_tables module as well as a logic error in FUSE allow unprivileged users to take over the target system with root privileges.

FUSE (Filesystem in Userspace) is used to mount non-Linux filesystems such as NTFS or UDF (DVDs) without requiring the user to have additional privileges (such as root access). Security researchers have now found a way to disrupt the interaction between the Linux kernel and FUSE while copying files, thus gaining root privileges. The security vulnerability affects systems with kernel versions between 5.11 and 5.19, as well as installed FUSE.

A Chinese security researcher using the pseudonym "breeze chenaotian" has published a detailed analysis of the bug and explains that the vulnerable function called kuid_has_mapping makes incorrect user rights assignments in the different namespaces of the Linux kernel under certain conditions. During a test on a freshly installed Ubuntu VM (22.04), heise Security was able to successfully reproduce this FUSE vulnerability using the proof-of-concept exploit. The security vulnerability is listed with the identifier CVE-2023-0386 in the relevant databases and is prioritized as "high" with a CVSS score of 7.8.

Linux Kernel Vulnerabilities Grant Local Attackers Root Privileges

In addition to all Linux systems with vulnerable kernel versions 5.11 to 5.19, a number of Netapp products and probably also Linux-based appliances from other manufacturers are affected. Updated kernel packages for most Linux distributions are still pending, but Ubuntu has already responded by releasing a new kernel.

PoC still under embargo

Relatively little is known about the security vulnerability with ID CVE-2023-32233 in nf_tables. A group of Polish security researchers has published the bug on the oss-sec mailing list and claims to have developed a root exploit for it. However, this will only be published on May 15th - until then, an embargo period applies that is intended to give Linux developers and distributions an opportunity to secure their systems. When manipulating the nf_tables configuration, directly consecutive operations are processed incorrectly under certain circumstances, leading to a faulty memory access (use after free). Again, remote attacks are not possible - attackers therefore need access to a user account on the target system.

According to the discoverers, various current Linux kernel versions are affected, including the current stable kernel 6.3.1. The bug was fixed on May 2nd by a kernel patch, but the major Linux distributions have not yet released updated kernel packages.

In case you have found a mistake in the text, please send a message to the author by selecting the mistake and pressing Ctrl-Enter.
Den W. 3K
I'm a passionate tech enthusiast who loves diving into the world of software, programming, and tech reviews.
Comments (1)
  1. Bogdan Luchka

    Hello! If you want to place a bet on a football team, the website can help you. On this site, you will find many different games and sporting events to bet on. In addition, the site has a user-friendly interface and an app for mobile devices, allowing you to place your bets from anywhere and at any time. Therefore, I recommend installing it.

    1 year ago ·
You must be logged in to comment.

Sign In / Sign Up