CVE-2023-4147

HIGH

Linux Kernel >=5.9 <5.10.190 - Use-After-Free in Netfilter NFTA_RULE_CHAIN_ID

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4147. PoCs published by murdok1982.

AI-analyzed exploit summary The repository contains a Python-based exploit for CVE-2023-4147, which targets a Netlink socket vulnerability in the Linux kernel's nftables subsystem. The exploit constructs a malicious payload to trigger a use-after-free (UAF) condition by manipulating NFTA_RULE_CHAIN_ID.

Description

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Exploits (1)

nomisec WORKING POC

by murdok1982 · poc

https://github.com/murdok1982/Exploit-en-Python-para-CVE-2023-4147

View Code ZIP pw:eip

The repository contains a Python-based exploit for CVE-2023-4147, which targets a Netlink socket vulnerability in the Linux kernel's nftables subsystem. The exploit constructs a malicious payload to trigger a use-after-free (UAF) condition by manipulating NFTA_RULE_CHAIN_ID.

Classification

Working Poc 80%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (nftables subsystem)

No auth needed

Prerequisites: Linux system with vulnerable kernel · Python 3.8+ · libc.so.6

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (14)

Core 14

Core References

Mailing List, Patch

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211

Mailing List, Patch

https://www.spinics.net/lists/stable/msg671573.html

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Third Party Advisory

https://www.debian.org/security/2023/dsa-5480

Third Party Advisory

https://www.debian.org/security/2023/dsa-5492

Vendor Advisory

https://security.netapp.com/advisory/ntap-20231020-0006/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5069

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5091

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:5093

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7382

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7389

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2023:7411

Patch, Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-4147

Issue Tracking, Patch, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2225239

Scores

CVSS v3 7.8

EPSS 0.0056

EPSS Percentile 42.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (11)

debian/debian_linux 10.0

debian/debian_linux 11.0

debian/debian_linux 12.0

fedoraproject/fedora 38

linux/linux_kernel 6.5 rc1 (3 CPE variants)

linux/linux_kernel 5.9 - 5.10.190

redhat/enterprise_linux 9.0

redhat/enterprise_linux_eus 9.2

redhat/enterprise_linux_for_real_time 9.0

redhat/enterprise_linux_for_real_time_for_nfv 9.0

... and 1 more

Published Aug 07, 2023

Tracked Since Feb 18, 2026