CVE-2023-0179

HIGH

Linux Kernel 5.5.0-5.10.164 - Local Privilege Escalation via Netfilter Buffer Overflow

Exploitation Summary

EIP tracks 6 public exploits for CVE-2023-0179. PoCs published by TurtleARM, H4K6, FarrimWildaxe.

AI-analyzed exploit summary: This is a functional exploit for CVE-2023-0179, a stack buffer overflow in the nftables subsystem of the Linux kernel (versions 5.5 to 6.2-rc3). The exploit leverages the vulnerability to achieve local privilege escalation (LPE) by overwriting kernel structures and manipulating the modprobe_path to gain root access.

Description

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

Exploits (6)

nomisec WORKING POC 216 stars
by TurtleARM · poc
https://github.com/TurtleARM/CVE-2023-0179-PoC

This is a functional exploit for CVE-2023-0179, a stack buffer overflow in the nftables subsystem of the Linux kernel (versions 5.5 to 6.2-rc3). The exploit leverages the vulnerability to achieve local privilege escalation (LPE) by overwriting kernel structures and manipulating the modprobe_path to gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel nftables subsystem (5.5 to 6.2-rc3)
No auth needed
Prerequisites: Unprivileged user access · Linux kernel version 5.5 to 6.2-rc3 · libmnl and libnftnl libraries
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 203 stars
by H4K6 · poc
https://github.com/H4K6/CVE-2023-0179-PoC

This repository contains a functional exploit for CVE-2023-0179, a stack buffer overflow in the nftables subsystem affecting Linux kernels 5.5 to 6.2-rc3. The exploit leverages an info leak to bypass KASLR and achieves local privilege escalation by overwriting the modprobe_path.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel nftables subsystem (versions 5.5 to 6.2-rc3)
No auth needed
Prerequisites: Unprivileged user access · libmnl and libnftnl installed · Linux kernel version 5.5 to 6.2-rc3
devstral-2 · analyzed Feb 16, 2026

gitlab WORKING POC
by FarrimWildaxe · poc
https://gitlab.com/FarrimWildaxe/CVE-2023-0179-PoC

This repository contains a functional exploit for CVE-2023-0179, a heap overflow vulnerability in the Linux kernel's netfilter subsystem. The exploit leverages nftables rules to achieve local privilege escalation (LPE) by overwriting kernel memory and executing a ROP chain to gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel (netfilter/nftables)
No auth needed
Prerequisites: Linux kernel with vulnerable netfilter/nftables implementation · Ability to create nftables rules
devstral-2 · analyzed May 25, 2026

nomisec WORKING POC
by shakyanayann · poc
https://github.com/shakyanayann/CVE-2023-0179

This repository contains a functional exploit for CVE-2023-0179, a Linux kernel nf_tables heap overflow vulnerability. The exploit leverages a heap-based buffer overflow to achieve local privilege escalation (LPE) by overwriting kernel structures and executing a ROP chain to modify the modprobe_path.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (nf_tables subsystem)
No auth needed
Prerequisites: Linux kernel with nf_tables support · Local user access · Specific kernel configuration
devstral-2 · analyzed Mar 06, 2026

nomisec WORKING POC
by prabeershakya · poc
https://github.com/prabeershakya/CVE-2023-0179-POC-

This repository contains a functional exploit for CVE-2023-0179, a Linux kernel vulnerability in nf_tables. The exploit leverages a stack overflow to overwrite the jumpstack and execute a ROP chain, ultimately achieving local privilege escalation by overwriting the modprobe_path.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 6.1.6 with specific configuration
No auth needed
Prerequisites: Ubuntu 22.04.5 with kernel 6.1.6 · specific kernel configuration · compilation dependencies (libmnl, libnftnl)
devstral-2 · analyzed Mar 04, 2026

gitlab WORKING POC
by Zibri · poc
https://gitlab.com/Zibri/CVE-2023-0179-PoC

This repository contains a functional proof-of-concept exploit for CVE-2023-0179, a stack buffer overflow in the nftables subsystem affecting Linux kernels 5.5 to 6.2-rc3. The exploit includes code to trigger an info leak and a kernel crash via crafted nftables rules, leveraging unprivileged user and network namespaces.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel nftables subsystem (versions 5.5 to 6.2-rc3)
No auth needed
Prerequisites: libmnl-dev · libnftnl-dev · unprivileged user namespace access
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0058
EPSS Percentile: 69.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-190
Status: published
Products (17):
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 22.04
fedoraproject/fedora 36
fedoraproject/fedora 37
linux/linux_kernel 5.5.0 - 5.10.164
redhat/codeready_linux_builder
redhat/enterprise_linux 9.0
redhat/enterprise_linux_eus 9.0
... and 7 more
Published: Mar 27, 2023
Tracked Since: Feb 18, 2026