PoC Exploit Released for Linux Kernel Privilege Escalation Flaw (CVE-2023-35001)
A cybersecurity researcher from Synacktiv has released the details and a proof-of-concept (PoC) exploit for a high-severity vulnerability (CVE-2023-35001) in the Linux kernel. The vulnerability has a CVSS score of 7.8, which places it in the high-severity range.
The vulnerability exists in the processing of nft chains. Nft chains are used to manage network traffic rules in the Linux kernel. The vulnerability results from incorrect pointer scaling, which can result in memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
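The bug class named above, incorrect pointer scaling, shown as an added example that is not from the original article or from Synacktiv's PoC. It is a constructed user-space model, not kernel code, and every name in it is hypothetical: a loop with the right element count but the wrong pointer stride runs past its region, and a guard area placed behind the region makes the overrun measurable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not kernel code: a slot is 4 bytes wide even when
 * only its first 16 bits are used. All names here are hypothetical. */
struct slot { uint16_t u16; uint16_t unused; };

#define REGION_LEN 16 /* bytes the operation is allowed to touch */
#define GUARD_LEN  16 /* canary bytes placed directly after the region */
static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/* Wrong scaling: len/2 is the right count of 16-bit elements, but s[i]
 * advances 4 bytes per step, so the loop spans 2*len bytes. */
static void swap16_wrong_stride(void *buf, size_t len) {
    struct slot *s = buf;
    for (size_t i = 0; i < len / 2; i++)
        s[i].u16 = swap16(s[i].u16);
}

/* Correct scaling: the pointer's element size matches the data width. */
static void swap16_right_stride(void *buf, size_t len) {
    uint16_t *s = buf;
    for (size_t i = 0; i < len / 2; i++)
        s[i] = swap16(s[i]);
}

/* Runs op over a REGION_LEN-byte region and returns how many of the
 * guard bytes behind it were modified (0 means it stayed in bounds). */
static size_t guard_bytes_clobbered(void (*op)(void *, size_t)) {
    size_t total = REGION_LEN + GUARD_LEN, hits = 0;
    unsigned char *b = malloc(total); /* large enough to absorb the overrun */
    if (!b) return (size_t)-1;
    for (size_t i = 0; i < total; i++)
        b[i] = (unsigned char)i; /* adjacent bytes differ, so any swap shows */
    op(b, REGION_LEN);
    for (size_t i = REGION_LEN; i < total; i++)
        hits += (b[i] != (unsigned char)i);
    free(b);
    return hits;
}

int main(void) {
    printf("wrong stride: %zu guard bytes modified\n",
           guard_bytes_clobbered(swap16_wrong_stride));
    printf("right stride: %zu guard bytes modified\n",
           guard_bytes_clobbered(swap16_right_stride));
    return 0;
}
```

The wrong-stride loop also leaves half of the intended region unconverted, so the same defect shows up as a functional bug as well as an out-of-bounds access.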
The vulnerability was discovered by Tanguy Dubroca (@SidewayRE) of Synacktiv, working with Trend Micro’s Zero Day Initiative. Synacktiv’s researchers published a proof-of-concept (PoC) exploit that had earlier been used at Pwn2Own Vancouver 2023 against an Ubuntu desktop. The exploit was tailored to kernel version 5.19.0-35, the version available at the start of the event.
To exploit this vulnerability, an attacker would need to first obtain the ability to execute low-privileged code on the target system. Once they have this ability, they could then use the exploit to escalate privileges and gain control of the system.
This vulnerability is a serious threat to the security of Linux systems. Systems running affected versions of the Linux kernel should be patched as soon as possible.
To protect yourself from this vulnerability, you should:
- Update your Linux kernel to the latest version.
- Apply any security patches that are available for your Linux distribution.
- Use a firewall to block unauthorized access to your system.
- Use strong passwords and keep them secret.
- Be careful about what software you install on your system.
- Only install software from trusted sources.
By following these steps, you can help protect your system from this vulnerability and other security threats.