CVE-2023-2163

Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary read/write in
kernel memory, lateral privilege escalation, and container escape.

La poda incorrecta del verificador en BPF en el kernel de Linux >=5.4 conduce a que las rutas de código inseguras se marquen incorrectamente como seguras, lo que resulta en lectura/escritura arbitraria en la memoria del kernel, escalada de privilegios lateral y escape de contenedor.

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape.

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

This update for the Linux Kernel 5.14.21-150400_24_81 fixes several issues. The following security issues were fixed. Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation. Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. Fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation. Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-04-18 CVE Reserved
2023-08-18 CVE Published
2024-08-08 First Exploit
2025-02-27 CVE Updated
2025-06-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-682: Incorrect Calculation

CAPEC

CAPEC-233: Privilege Escalation

References (5)

URL	Tag	Source

URL	Date	SRC
https://packetstorm.news/files/id/179995	2024-08-08
https://github.com/letsr00t/CVE-2023-2163	2024-11-27

URL	Date	SRC
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed	2024-05-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-2163	2024-03-13
https://bugzilla.redhat.com/show_bug.cgi?id=2240249	2024-03-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.4.242 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.4.242"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.179 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.179"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.109 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.109"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.1.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.26"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.2.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.2.13"		-		Affected