www.belgium.be Logo of the federal government

Warning: Linux kernel allows escalation to root privileges in Netfilter, Patch Immediately!

Advisory #2023-55
Affected software: 
Netfilter nf_tables in Linux Kernel version 6.3.1 and earlier
Privilege escalation / Arbitrary code execution

CVE-2023-32233 : Not scored yet




A use-after-free vulnerability in the NetFilter nf_tables allows an unprivileged attacker to escalate their privileges to root, giving them complete control of the targeted system. Exploitation requires local access to the Linux device. There Is no indication that the vulnerability is being exploited at the moment of this advisory, but a proof-of-concept (PoC) will be published on the 15th of May. A source code commit was submitted to the Linux kernel and the Issue has been fixed.


NetFilter is a Network Address Translation (NAT) framework build into the Linux kernel and the vulnerability affects all versions including the latest one (Linux kernel version 6.3.1).

NetFilter nf_tables fails to reject invalid batch requests that are used to update its configuration. As a result, its internal state is corrupted and the vulnerability can be abused to perform arbitrary read and write operations on kernel memory. The vulnerability still awaits a CVSS 3.1 score calculation but the Centre for Cybersecurity Belgium assesses this vulnerability is important to critical since it is easy to exploit and part of the Linux kernel spread all over the world.

Recommended Actions

The Centre for Cybersecurity Belgium strongly recommends system administrators to patch their Linux systems after thorough testing.

Please check your Linux vendor's security page to find the specific patch. Some initial references are already available on the NVD reference below.