CVE-2023-31248
Published 2023-07-05
CVE-2023-31248: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Priority: P2 · CVSS 3.1: 7.8 (high)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 2.16% (79.9th percentile)
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Affected (23 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.38-1 (bookworm) | linux 6.1.38-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.179-2 | 5.10.179-2 |
| linux | linux_kernel | >= 0 < 6.1.38-1 | 6.1.38-1 |
| linux | linux_kernel | >= 0 < 6.4.4-1 | 6.4.4-1 |
| linux | linux_kernel | >= 0 < 6.4.4-1 | 6.4.4-1 |
| linux | linux_kernel | >= 0 < 5.15.0-78.85 | 5.15.0-78.85 |
| linux | linux_kernel | >= 0 < 4.4.0-243.277 | 4.4.0-243.277 |
| linux | linux_kernel | >= 0 < 4.15.0-214.225 | 4.15.0-214.225 |
| linux | linux_kernel | >= 0 < 5.4.0-155.172 | 5.4.0-155.172 |
| linux | linux_kernel | >= 0 < 5.15.0-78.85 | 5.15.0-78.85 |
| linux | linux_kernel | >= 5.11 < 5.15.121 | 5.15.121 |
| linux | linux_kernel | >= 5.16 < 6.1.39 | 6.1.39 |
| linux | linux_kernel | >= 5.9 < 5.10.188 | 5.10.188 |
| linux | linux_kernel | >= 6.2 < 6.4.4 | 6.4.4 |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via nft_chain_lookup_byid() in net/netfilter/nf_tables_api.c; monitor for use-after-free exploitation patterns targeting this function in the netfilter subsystem.
- Exploitation requires the CAP_NET_ADMIN capability in any user or network namespace; alert on processes acquiring CAP_NET_ADMIN within unprivileged user namespaces as a precursor indicator.
- The root cause is a missing active-chain status check in nft_chain_lookup_byid(); detection logic should look for nftables operations referencing inactive/deleted chains by ID.
- Blacklisting the kernel netfilter module will mitigate the vulnerability but will disable all nftables/netfilter functionality; assess impact before applying.
- Red Hat Enterprise Linux 6, 7, and 8 are confirmed NOT affected; only RHEL 9 required patching. Scope detection efforts accordingly.
- Debian fixed versions are: bookworm 6.1.38-1, bullseye 5.10.179-2, forky/sid/trixie 6.4.4-1; systems running older kernels in these suites remain vulnerable.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | 7.8 | HIGH | — |
| vulncheck | 7.8 | HIGH | — |
| vendor_debian | 7.8 | HIGH | — |
| vendor_redhat | 7.8 | HIGH | — |
| vendor_ubuntu | 7.8 | HIGH | — |
OSV
Kernel Live Patch Security Notice
osv · 2023-09-05 · CVSS 7.8 · CVE-2023-3090 [HIGH]
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3389)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to ca
OSV
linux-oem-6.1 vulnerabilities
osv · 2023-08-11 · CVSS 7.1 · CVE-2022-48502 [HIGH]
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs imag
OSV
linux-aws-5.19, linux-gcp-5.19, linux-hwe-5.19 vulnerabilities
osv · 2023-07-27 · CVSS 7.1 · CVE-2022-48502 [HIGH]
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability
OSV
linux-intel-iotg-5.15 vulnerabilities
osv · 2023-07-26 · CVSS 7.8 · CVE-2023-3090 [HIGH]
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)
Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerabi
OSV
linux-oem-6.0 vulnerabilities
osv · 2023-07-25 · CVSS 5.5 · CVE-2022-47929 [MEDIUM]
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)
It was discovered that a race condition existed in Adreno GPU DRM driver in
the Linux kernel, leading to a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2023-21106)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
Mingi Cho discovered that the net
OSV
linux-oem-5.17 vulnerabilities
osv · 2023-07-25 · CVSS 5.3 · CVE-2022-2663 [MEDIUM]
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker co
OSV
Kernel Live Patch Security Notice
osv · 2023-07-25 · CVSS 7.1 · CVE-2023-1380 [HIGH]
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performi
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
osv · 2023-07-25 · CVSS 7.8 · [HIGH]
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while perfor
OSV
CVE-2023-31248: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
osv · 2023-07-05 · CVSS 7.8 · CVE-2023-31248 [HIGH]
GHSA
GHSA-vr3g-637q-4rh6: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
ghsa_unreviewed · 2023-07-05 · CVE-2023-31248 [HIGH] · CWE-416
VulnCheck
Linux Kernel Use After Free
vulncheck · 2023 · CVSS 7.8 · CVE-2023-31248 [HIGH]
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Affected: Linux Kernel
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu · 2023-09-05 · CVSS 7.8 · CVE-2023-31248 [HIGH]
Summary: Several security issues were fixed in the kernel.
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3389)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu · 2023-08-11 · CVSS 7.1 · CVE-2023-38430 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereferenc
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2023-07-27 · CVSS 7.1 · CVE-2023-31248 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading t
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu · 2023-07-26 · CVSS 7.8 · CVE-2023-35001 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)
Querijn Voet discovered that a race condition existed in the
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu · 2023-07-25 · CVSS 7.1 · CVE-2023-31436 [HIGH]
Summary: Several security issues were fixed in the kernel.
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu · 2023-07-25 · CVSS 5.5 · CVE-2023-21106 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)
It was discovered that a race condition existed in Adreno GPU DRM driver in
the Linux kernel, leading to a double-free vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2023-21106)
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this t
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu · 2023-07-25 · CVSS 5.3 · CVE-2022-2663 [MEDIUM]
Summary: Several security issues were fixed in the Linux kernel.
David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)
It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)
It was discovered that the network queuing discipline implementation in the
Linux kernel
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2023-07-25 · CVSS 7.8 · CVE-2023-35001 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while per
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2023-07-25 · CVSS 7.8 · CVE-2023-3390 [HIGH]
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)
Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)
Querijn Voet discovered that a race condition existed in the io_uring
subs
Red Hat
kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
vendor_redhat · 2023-07-05 · CVSS 7.8 · CVE-2023-31248 [HIGH] · CWE-416
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup.
Statement: Exploiting this flaw will require the CAP_NET_ADMIN access privilege in any user or network namespace.
Mitigation: To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module.
For instructions relating to how to blackl
Debian
CVE-2023-31248: linux - Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
vendor_debian · 2023 · CVSS 7.8 · CVE-2023-31248 [HIGH]
Scope: local
bookworm: resolved (fixed in 6.1.38-1)
bullseye: resolved (fixed in 5.10.179-2)
forky: resolved (fixed in 6.4.4-1)
sid: resolved (fixed in 6.4.4-1)
trixie: resolved (fixed in 6.4.4-1)
No detection rules found.
No public exploits indexed.
Securelist
Exploits and vulnerabilities in Q3 2024
blogs_securelist · 2024-12-06 · CVSS 8.1 · CVE-2024-47177 [HIGH]
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
  - Windows and Linux vulnerability exploitation
  - Most prevalent exploits
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
  - CVE-2024-47177 (CUPS filters)
  - CVE-2024-38112 (MSHTML Spoofing)
  - CVE-2024-6387 (regreSSHion)
  - CVE-2024-3183 (Free IPA)
  - CVE-2024-45519 (Zimbra)
  - CVE-2024-5290 (Ubuntu wpa_supplicant)
- Conclusion and advice
Authors: Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Co
Securelist
Analyzing the vulnerability landscape in Q3 2024
blogs_securelist · 2024-12-06 · CVSS 8.1 · CVE-2024-47177 [HIGH]
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
  - CVE-2024-47177 (CUPS filters)
  - CVE-2024-38112 (MSHTML Spoofing)
  - CVE-2024-6387 (regreSSHion)
  - CVE-2024-3183 (Free IPA)
  - CVE-2024-45519 (Zimbra)
  - CVE-2024-5290 (Ubuntu wpa_supplicant)
- Conclusion and advice
Authors: Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Common Log Filing System (CLFS) in Windows, so the number
Bugzilla
CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
bugzilla · 2023-07-06 · CVSS 7.8 · CVE-2023-31248 [HIGH]
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
https://lore.kernel.org/netfilter-devel/[email protected]/T/
https://www.openwall.com/lists/oss-security/2023/07/05/2
http://www.openwall.com/lists/oss-security/2023/07/05/2
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2221778]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5091
---
This issue has been addressed in the following products:
Red Hat En
References
- http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
- http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
- http://www.openwall.com/lists/oss-security/2023/07/05/2
- https://www.openwall.com/lists/oss-security/2023/07/05/2
- https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/
- https://lore.kernel.org/netfilter-devel/[email protected]/T/
- https://security.netapp.com/advisory/ntap-20240201-0001/
- https://www.debian.org/security/2023/dsa-5453