Tanguy Dubroca

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to 5.19.0-35 **Description** The issue is related to the `nft byteorder` function in the Linux Kernel's netfilter subsystem, which poorly handles vm register contents when CAP NET ADMIN is in any user or network namespace. This can lead to an out-of-bounds read/write operation, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability was exploited at Pwn2Own Vancouver 2023 on Ubuntu desktop, where the exploit supported the kernel version available at the beginning of the event. **Recommendations** For Linux Kernel versions prior to 5.19.0-35, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the `nft byteorder` function until a patch is available. Avoid using the `nft byteorder` function in sensitive operations until the issue is resolved.