New Linux kernel NetFilter flaw gives attackers root privileges
A new Linux NetFilter kernel flaw has been discovered that allows unprivileged local users to escalate their privileges to root, giving them complete control over a system.
Netfilter is a packet filtering and network address translation framework built into the Linux kernel and managed through front-end utilities such as iptables and UFW. According to a new advisory published yesterday, corrupting the system's internal state leads to a use-after-free vulnerability that can be exploited to perform arbitrary reads and writes in kernel memory.
Engineer Pablo Neira Ayuso submitted a Linux kernel source code commit to address the problem. It introduces two functions that manage the lifecycle of anonymous sets in the Netfilter nf_tables subsystem.
Security researchers Patryk Sondej and Piotr Krysiuk, who discovered the problem and reported it to the Linux kernel team, developed a PoC that allows unprivileged local users to start a root shell on impacted systems.
The researchers shared their exploit privately with the Linux kernel team to assist them in developing a fix and included a link to a detailed description of the employed exploitation techniques and the source code of the PoC. As the analysts further explained, the exploit will be published next Monday, May 15th, 2023, along with complete details about the exploitation techniques.
The ability to gain root-level privileges on Linux servers is valuable to threat actors, who are known to monitor Openwall for new security information to use in their attacks.