CVE-2023-35001

HIGH

Linux Kernel 3.13-4.14.322 - Out-of-bounds Write in nftables nft_byteorder

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-35001. PoCs published by synacktiv, syedhafiz1234, mrbrelax.

AI-analyzed exploit summary This is a functional exploit for CVE-2023-35001, targeting an out-of-bounds read/write vulnerability in nftables on Ubuntu kernel 5.19.0-35. It achieves local privilege escalation by leaking kernel addresses and executing a ROP chain to overwrite credentials.

Description

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

Exploits (3)

nomisec WORKING POC 168 stars

by synacktiv · poc

https://github.com/synacktiv/CVE-2023-35001

View Code ZIP pw:eip

This is a functional exploit for CVE-2023-35001, targeting an out-of-bounds read/write vulnerability in nftables on Ubuntu kernel 5.19.0-35. It achieves local privilege escalation by leaking kernel addresses and executing a ROP chain to overwrite credentials.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Linux kernel nftables (Ubuntu 5.19.0-35-generic)

No auth needed

Prerequisites: Local access to the target system · Kernel version 5.19.0-35-generic

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 7 stars

by syedhafiz1234 · poc

https://github.com/syedhafiz1234/nftables-oob-read-write-exploit-CVE-2023-35001-

View Code ZIP pw:eip

This is a functional exploit for CVE-2023-35001, targeting an out-of-bounds read/write vulnerability in nftables. It achieves local privilege escalation by leaking kernel addresses and executing a ROP chain to overwrite credentials.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: nftables (Linux kernel 5.19.0-35-generic)

No auth needed

Prerequisites: Local access to the target system · Kernel version 5.19.0-35-generic

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec NO CODE

by mrbrelax · poc

https://github.com/mrbrelax/Exploit_CVE-2023-35001

View Code ZIP pw:eip

References (11)

Core 11

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/07/05/3

Patch, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/

Third Party Advisory, VDB Entry

https://security.netapp.com/advisory/ntap-20230824-0007/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5453

Patch, Vendor Advisory issue-tracking

https://lore.kernel.org/netfilter-devel/[email protected]/T/

Mailing List mailing-list

https://www.openwall.com/lists/oss-security/2023/07/05/3

Scores

CVSS v3 7.8

EPSS 0.0215

EPSS Percentile 79.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (9)

debian/debian_linux 11.0

fedoraproject/fedora 37

fedoraproject/fedora 38

linux/linux_kernel 3.13 - 4.14.322

netapp/h300s

netapp/h410c

netapp/h410s

netapp/h500s

netapp/h700s

Published Jul 05, 2023

Tracked Since Feb 18, 2026