PT-2023-3559 · Linux+10 · Linux Kernel+10

Sidewayre +1 · Published 2023-07-04 · Updated 2025-09-29 · CVE-2023-35001

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions prior to 5.19.0-35

Description

The issue is in the nft_byteorder function of the Linux Kernel's netfilter subsystem, which poorly handles vm register contents when CAP_NET_ADMIN is in any user or network namespace. This can lead to an out-of-bounds read/write operation, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability was exploited at Pwn2Own Vancouver 2023 on Ubuntu desktop, where the exploit supported the kernel version available at the beginning of the event.

Recommendations

For Linux Kernel versions prior to 5.19.0-35, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the nft_byteorder function until a patch is available. Avoid using the nft_byteorder function in sensitive operations until the issue is resolved.

Exploit · Fix · DoS · Out of bounds Read · Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2023:5069
ALSA-2023:5091
ALSA-2023:5244
ALSA-2023_5069
ALSA-2023_5091
ALSA-2024_1607
ALSA-2024_2394
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2023-4638
ALT-PU-2023-8472
ALT-PU-2024-4263
ALT-PU-2024-4843
BDU:2023-03778
CESA-2023_5221
CESA-2023_5244
CESA-2023_5255
CVE-2023-35001
DLA-3512-1
DLA-3710-1
DSA-5453-1
ELSA-2023-12842
ELSA-2023-5069
ELSA-2023-5244
ELSA-2023-5622
LSN-0096-1
LSN-0097-1
MGASA-2023-0237
MGASA-2023-0243
OESA-2023-1448
OPENSUSE-SU-2023_3171-1
OPENSUSE-SU-2023_3172-1
OPENSUSE-SU-2023_3180-1
OPENSUSE-SU-2023_3182-1
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3318-1
OPENSUSE-SU-2023_3391-1
OPENSUSE-SU-2023_3392-1
OPENSUSE-SU-2023_3630-1
OPENSUSE-SU-2023_3644-1
OPENSUSE-SU-2023_3647-1
OPENSUSE-SU-2023_3648-1
OPENSUSE-SU-2023_3653-1
OPENSUSE-SU-2023_3657-1
OPENSUSE-SU-2023_3659-1
OPENSUSE-SU-2023_3671-1
OPENSUSE-SU-2023_3676-1
RHSA-2023:4961
RHSA-2023:4962
RHSA-2023:4967
RHSA-2023:5069
RHSA-2023:5091
RHSA-2023:5093
RHSA-2023:5221
RHSA-2023:5235
RHSA-2023:5238
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023:5414
RHSA-2023:5548
RHSA-2023:5574
RHSA-2023:5575
RHSA-2023:5603
RHSA-2023:5604
RHSA-2023:5621
RHSA-2023:5622
RHSA-2023:5627
RHSA-2023:7243
RHSA-2023_5069
RHSA-2023_5091
RHSA-2023_5244
RHSA-2023_5255
RHSA-2023_5621
RHSA-2023_5622
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1278
RLSA-2023:5091
RLSA-2023:5244
RLSA-2023_5091
RLSA-2023_5244
ROSA-SA-2023-2241
RXSA-2023:5244
SUSE-SU-2023:3006-1
SUSE-SU-2023:3171-1
SUSE-SU-2023:3172-1
SUSE-SU-2023:3180-1
SUSE-SU-2023:3182-1
SUSE-SU-2023:3302-1
SUSE-SU-2023:3309-1
SUSE-SU-2023:3318-1
SUSE-SU-2023:3324-1
SUSE-SU-2023:3349-1
SUSE-SU-2023:3390-1
SUSE-SU-2023:3391-1
SUSE-SU-2023:3392-1
SUSE-SU-2023:3421-1
SUSE-SU-2023:3566-1
SUSE-SU-2023:3571-1
SUSE-SU-2023:3572-1
SUSE-SU-2023:3576-1
SUSE-SU-2023:3582-1
SUSE-SU-2023:3585-1
SUSE-SU-2023:3592-1
SUSE-SU-2023:3594-1
SUSE-SU-2023:3595-1
SUSE-SU-2023:3596-1
SUSE-SU-2023:3598-1
SUSE-SU-2023:3603-1
SUSE-SU-2023:3607-1
SUSE-SU-2023:3612-1
SUSE-SU-2023:3620-1
SUSE-SU-2023:3621-1
SUSE-SU-2023:3622-1
SUSE-SU-2023:3623-1
SUSE-SU-2023:3627-1
SUSE-SU-2023:3628-1
SUSE-SU-2023:3629-1
SUSE-SU-2023:3630-1
SUSE-SU-2023:3631-1
SUSE-SU-2023:3632-1
SUSE-SU-2023:3644-1
SUSE-SU-2023:3647-1
SUSE-SU-2023:3648-1
SUSE-SU-2023:3653-1
SUSE-SU-2023:3657-1
SUSE-SU-2023:3659-1
SUSE-SU-2023:3668-1
SUSE-SU-2023:3671-1
SUSE-SU-2023:3675-1
SUSE-SU-2023:3676-1
SUSE-SU-2023:3677-1
SUSE-SU-2023_3006-1
SUSE-SU-2023_3171-1
SUSE-SU-2023_3172-1
SUSE-SU-2023_3180-1
SUSE-SU-2023_3182-1
SUSE-SU-2023_3318-1
SUSE-SU-2023_3390-1
SUSE-SU-2023_3391-1
SUSE-SU-2023_3392-1
USN-6246-1
USN-6247-1
USN-6248-1
USN-6250-1
USN-6251-1
USN-6252-1
USN-6254-1
USN-6255-1
USN-6260-1
USN-6261-1
USN-6285-1
USN-6460-1
ZDI-23-900

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu