7.8

CVE-2024-0193

Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCodeready Linux Builder For Eus Version9.2 HwPlatformx64
RedhatEnterprise Linux Version9.2 HwPlatformarm64
RedhatEnterprise Linux For Els Version9.2 HwPlatformarm64
RedhatEnterprise Linux For Els Version9.2 HwPlatformx64
RedhatEnterprise Linux For Eus Version9.2 HwPlatformarm64
RedhatEnterprise Linux For Eus Version9.2 HwPlatformx64
RedhatCodeready Linux Builder Version9.0 HwPlatformaarch64
RedhatCodeready Linux Builder For Eus Version9.4 HwPlatformarm64
RedhatCodeready Linux Builder For Eus Version9.4 HwPlatformx64
RedhatCodeready Linux Builder For Eus Version9.6 HwPlatformarm64
RedhatCodeready Linux Builder For Eus Version9.6 HwPlatformx64
RedhatEnterprise Linux Version9.0 HwPlatformarm64
RedhatEnterprise Linux Version9.0 HwPlatformx64
RedhatEnterprise Linux For Arm 64 Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Version9.6_aarch64
RedhatEnterprise Linux For Arm 64 Els Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Els Version9.6_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.6_aarch64
RedhatEnterprise Linux For Els Version9.4 HwPlatformx64
RedhatEnterprise Linux For Els Version9.6 HwPlatformx64
RedhatEnterprise Linux For Eus Version9.4 HwPlatformx64
RedhatEnterprise Linux For Eus Version9.6 HwPlatformx64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
LinuxLinux Kernel Version >= 5.10.198 < 5.10.206
LinuxLinux Kernel Version >= 5.15.118 < 5.15.146
LinuxLinux Kernel Version >= 6.1.35 < 6.1.71
LinuxLinux Kernel Version >= 6.3.9 < 6.6.10
RedhatOpenshift Logging Version >= 5.0 < 5.8.6
   RedhatEnterprise Linux Version9.0
   RedhatEnterprise Linux Version9.0 HwPlatformarm64
   RedhatEnterprise Linux For Ibm Z Systems Version9.0
   RedhatEnterprise Linux For Power Little Endian Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.84% 0.535
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://access.redhat.com/errata/RHSA-2024:2094
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1248
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1018
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1019
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4412
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4415
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2024-0193
Third Party Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=2255653
Patch
Third Party Advisory
Issue Tracking