CVE-2023-3995
Published: 3 August 2023
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2023-4147.
From the Ubuntu Security Team
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
Mitigation
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
- https://google.github.io/security-research/kernelctf/rules
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230723144148.26231-1-pablo@netfilter.org/
- https://ubuntu.com/security/notices/USN-6315-1
- https://ubuntu.com/security/notices/USN-6316-1
- https://ubuntu.com/security/notices/USN-6318-1
- https://ubuntu.com/security/notices/USN-6321-1
- https://ubuntu.com/security/notices/USN-6325-1
- https://ubuntu.com/security/notices/USN-6328-1
- https://ubuntu.com/security/notices/USN-6330-1
- https://ubuntu.com/security/notices/USN-6332-1
- https://ubuntu.com/security/notices/USN-6348-1
- https://ubuntu.com/security/notices/USN-6385-1
- https://www.cve.org/CVERecord?id=CVE-2023-3995
- NVD
- Launchpad
- Debian