CVE-2023-42753: New Linux Kernel Flaw Allows Code Execution

From the powerful servers that fuel the backbone of the internet to the miniature computing devices in our hands, the Linux Kernel is everywhere. Touted for its robustness and flexibility, Linux is a quintessential piece of software engineering. Yet, as the recent discovery of CVE-2023-42753 showcases, even giants are not exempt from vulnerabilities.

CVE-2023-42753 is not just any vulnerability; it is a chink in the armor of the Linux Kernel, potentially allowing a local, authenticated attacker to run arbitrary code or cause a system halt. At its core, the flaw stems from an integer underflow, an often overlooked type of bug that results from decrementing a value below its possible range. This underflow is linked to an array indexing problem within the netfilter ipset subsystem.


For those unfamiliar, netfilter stands tall as the sentinel of the Linux network stack. It’s the Kernel’s built-in mechanism for filtering packets, performing network address translations, and more. Front-end tools like IPtables and UFW serve as the gatekeepers, interfacing with netfilter to ensure only authorized traffic traverses the network.

As illuminated by the recent advisory, this vulnerability is potentially more threatening than one might anticipate. The nature of the flaw allows pointers to go astray, incrementing or decrementing beyond their intended bounds, leading to undefined behavior.

Enter Kyle Zeng, the vigilant security researcher who not only discovered the vulnerability but also took the lead in alerting the Linux kernel team. Zeng’s thorough analysis led to the development of a proof-of-concept (PoC) exploit, vividly showcasing the exploitation route of CVE-2023-42753.

Digging further, the researcher finds that the root of the issue lies in the netfilter code’s erroneous omission of the `IP_SET_HASH_WITH_NET0` macro in `ip_set_hash_netportnet`. This oversight results in the use of an incorrect `CIDR_POS(c)` macro for calculating array offsets. This might seem trivial, but in the world of programming, such a slight miscalculation can lead to catastrophic outcomes.

A closer examination of the affected versions reveals that Linux kernel versions 6.1, 5.15, and 5.10 are particularly vulnerable to this flaw.

Fortunately, the response from the Linux community has been swift and decisive. A Linux kernel source code commit, spearheaded by Florian Westphal, has been submitted. This patch rectifies the oversight, reincorporating the `IP_SET_HASH_WITH_NET0` macro into `ip_set_hash_netportnet`, nipping the issue in the bud.

This new vulnerability in the Linux kernel is a serious concern for all Linux users. It is important to upgrade to the latest kernel version as soon as possible to protect your system from exploitation.