CVE-2023-32233 Vulnerability Solution for AlmaLinux 8.8

We want to apply the solution for the CVE-2023-32233 vulnerability in AlmaLinux release 8.8 (CVE-2023-32233: Privilege escalation in Linux Kernel due to a Netfilter nf_tables vulnerability), and while executing the suggested command, we are getting the below error.

cat /proc/sys/kernel/unprivileged_userns_clone file not available

We got the below reply from many users, to contact AlmaLinux Support:

If the /proc/sys/kernel/unprivileged_userns_clone file is not available on your AlmaLinux server, it indicates that the unprivileged_userns_clone feature is not enabled or supported in the current kernel configuration.

In that case, you may need to explore alternative options or consult the AlmaLinux community or support resources to inquire about the availability and support of the unprivileged_userns_clone feature specific to your AlmaLinux version and kernel.

They will be in the best position to provide guidance on enabling the feature, suggest alternative solutions, or inform you if the feature is not available in your particular AlmaLinux version or kernel configuration.

sysctl -w kernel.unprivileged_userns_clone=0

is the Debian mitigation.

The Red Hat mitigation is:

echo “user.max_user_namespaces=0” > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf

We have already tried these steps and are getting the mentioned issue during the below command in AlmaLinux 8.8:

sysctl -p /etc/sysctl.d/userns.conf

Yeah, it's those quotes; this works:

echo user.max_user_namespaces=0 > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf

Looks like there’s a kernel update to fix it anyway: 4.18.0-477.13.1.el8_8

Getting the same issue.

cat /proc/sys/kernel/unprivileged_userns_clone file not available

Well yeah, you will, as you’re doing a test for Debian on an AlmaLinux machine.

The cve-details shows that Red Hat has released a fix for RHEL 8 already 2023-05-30: https://access.redhat.com/errata/RHSA-2023:3349

Alma’s build of kernel-4.18.0-477.13.1.el8_8 exists. Update and be happy?


(The el9 is still waiting for a fix.)

I have updated the kernel version through yum update in Alma Linux 8.8 and now we have Kernel version kernel-4.18.0-477.13.1.el8_8.
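
Both failures seen in this thread (checking for the Debian-only sysctl on AlmaLinux, and a drop-in file containing pasted typographic quotes) can be caught before running sysctl -p. The following is an added example, not from any poster in the thread; the function names and the PROC_SYS override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the PROC_SYS override are assumptions.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Report which unprivileged-user-namespace knob this kernel exposes.
userns_knob() {
    if [ -e "$PROC_SYS/kernel/unprivileged_userns_clone" ]; then
        echo kernel.unprivileged_userns_clone      # Debian-patched kernels
    elif [ -e "$PROC_SYS/user/max_user_namespaces" ]; then
        echo user.max_user_namespaces              # RHEL/AlmaLinux kernels
    else
        echo none; return 1
    fi
}

# Lint a sysctl.d drop-in before loading it with "sysctl -p".
# Returns 0 if every setting looks loadable on this kernel, 1 otherwise.
lint_sysctl_file() {
    file=$1; rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*|';'*) continue ;; esac   # blank or comment
        # Typographic quotes pasted from a web page are non-ASCII bytes.
        if printf '%s\n' "$line" | LC_ALL=C grep -q '[^[:print:][:space:]]'; then
            echo "$file:$n: non-ASCII character (curly quote?): $line" >&2
            rc=1; continue
        fi
        key=${line%%=*}
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        key=${key#-}                                   # "-key" means ignore errors
        # Simplification: treats every dot in the key as a path separator.
        path=$PROC_SYS/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "$file:$n: no such sysctl on this kernel: $key" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}
```

Run `userns_knob` first to see which setting applies to the host, then `lint_sysctl_file /etc/sysctl.d/userns.conf` before loading the file.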