Summary
A Proof of Concept (PoC) is available for CVE-2023-3390, a vulnerability already fixed by the developer community, present in the netfilter subsystem and in particular in the net/netfilter/nf_tables_api.c component of the Linux Kernel.
This vulnerability, if exploited, could allow an attacker to elevate their privileges and execute arbitrary code on the target systems.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (70.25/100) [1].
Type
- Privilege Escalation
- Arbitrary Code Execution
Affected products and versions
Linux Kernel, versions from 3.16 and prior to 6.4
Mitigation actions
If not already done, it is recommended to promptly update the vulnerable products to the latest available version.
Unique Vulnerability Identifiers
References
https://security-tracker.debian.org/tracker/CVE-2023-3390
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.