Symptoms
The kernel is vulnerable to CVE-2023-32233.
Description
Vulnerability CVE-2023-32233 affects Red Hat Enterprise Linux 7, 8, and 9 and the following derivatives:
- CloudLinux 7, 8
- Alma Linux/Rocky Linux 8, 9 (patched)
- CentOS 7
Patches for Red Hat Enterprise Linux 8 were released on May 30th, 2023, and for Red Hat Enterprise Linux 9 in early June (June 6th, 2023). Unfortunately, no patches have been released for servers running Red Hat Enterprise Linux 7 (CentOS 7 / CloudLinux 7). If patches are unavailable, the workarounds or mitigation steps below must be followed. You can use the following command to determine whether the installed kernel package is already patched:
rpm -q kernel --changelog | grep 2023-32233
On patched servers the command returns the following output:
rpm -q kernel --changelog |grep 2023-32233
- netfilter: nf_tables: deactivate anonymous set from preparation phase
(Florian Westphal) [2196147 2196146] {CVE-2023-32233}
Workaround
Please note that the following steps should be inspected and performed by the server administrators to avoid causing problems in the server environment.
- Red Hat Enterprise Linux 8 and 9 servers can be updated to the patched kernel version. To update the kernel, run:
yum update kernel
Then schedule a reboot of the server as soon as possible: the new kernel is loaded only after a reboot following the update. If kernel updates cannot be applied, see the following mitigation steps.
Option 1: Unload the module if it can be unloaded
Step 1: Unload the module from the running system if it is loaded (viable for containers)
modprobe -r nf_tables
Step 2: Blacklist the module from being loaded
echo "blacklist nf_tables" >> /etc/modprobe.d/CVE-2023-32233.conf
Step 3: Map the module's install command to /bin/false so that it cannot be loaded
echo "install nf_tables /bin/false" >> /etc/modprobe.d/CVE-2023-32233.conf
Option 2: If you are unsure whether it is safe to unload or blacklist the module (non-container environments only; not viable for containers, which require user namespaces)
Step 1: Set user.max_user_namespaces to 0
echo "user.max_user_namespaces=0" > /etc/sysctl.d/CVE-2023-32233.conf
Step 2: Reload sysctl options
sysctl -p /etc/sysctl.d/CVE-2023-32233.conf
Option 3: If neither of the options above is available, migrating to a system that has the patches available may be the best option for you.
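An added example, not part of the original article: a POSIX shell audit script that combines the checks described above (kernel changelog, loaded nf_tables module, modprobe blacklist/install rule, user namespace sysctl) into one verdict per host. The function names and the verdict strings are assumptions of this example; each check takes its input as an argument so it can also be run against captured output.

```shell
#!/bin/sh
# Added example, not from the original article: audit a host for CVE-2023-32233
# exposure using the signals the article describes (kernel changelog, loaded
# nf_tables module, modprobe install/blacklist rules, user namespace sysctl).
# Each check takes its input as an argument so it can be tested on captured data.

# Succeeds if the `rpm -q kernel --changelog` text mentions the CVE fix.
changelog_patched() {
    printf '%s\n' "$1" | grep -q 'CVE-2023-32233'
}

# Succeeds if nf_tables appears as a module name in lsmod output.
module_loaded() {
    printf '%s\n' "$1" | awk '$1 == "nf_tables" { found = 1 } END { exit !found }'
}

# Succeeds if modprobe.d config contains the "install nf_tables /bin/false" rule.
module_blocked() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*install[[:space:]]+nf_tables[[:space:]]+/bin/false'
}

# Succeeds if `sysctl user.max_user_namespaces` output reports 0.
userns_disabled() {
    value=$(printf '%s\n' "$1" | sed -n 's/^user\.max_user_namespaces *= *//p' | head -n 1)
    [ "$value" = "0" ]
}

# Combine the signals into one verdict, following the article's order of preference.
# Arguments: changelog text, lsmod output, modprobe.d config text, sysctl output.
assess() {
    if changelog_patched "$1"; then
        # The installed package is fixed; compare `uname -r` with `rpm -q kernel`
        # separately, since the running kernel is only replaced after a reboot.
        echo "patched-kernel-installed"
    elif module_blocked "$3" && ! module_loaded "$2"; then
        echo "mitigated-module-blocked"
    elif userns_disabled "$4"; then
        echo "mitigated-userns-disabled"
    else
        echo "exposed"
    fi
}

# Live audit of this host (needs rpm, lsmod and sysctl); run with CVE_AUDIT_LIVE=1.
audit_host() {
    assess "$(rpm -q kernel --changelog 2>/dev/null)" "$(lsmod 2>/dev/null)" \
           "$(cat /etc/modprobe.d/*.conf 2>/dev/null)" \
           "$(sysctl user.max_user_namespaces 2>/dev/null)"
}

if [ "${CVE_AUDIT_LIVE:-0}" = "1" ]; then audit_host; fi
```

A verdict of "patched-kernel-installed" still requires confirming that the running kernel (uname -r) is the patched package, since the fix is only active after a reboot.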