CVE-2023-4208

EPSS 0.03%
Veröffentlicht 06.09.2023 14:15:11
Zuletzt bearbeitet 13.02.2025 17:17:16
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.

We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.18 < 4.14.322

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.291

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.253

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.190

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.126

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.45

Linux ≫ Linux Kernel Version >= 6.2 < 6.4.10

Debian ≫ Debian Linux Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.083

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@google.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Third Party Advisory

https://www.debian.org/security/2023/dsa-5492

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81

Vendor Advisory

https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4208

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4208

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4208

EUVD