CVE-2023-3390 — Use After Free in Kernel

CWE-416 — Use After Free32 documents11 sources

Severity

7.8HIGHNVD

OSV7.1OSV5.5OSV4.7

EPSS

0.1%

top 73.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Paloalto Pan-os +2 more

Timeline

PublishedJun 28

Latest updateFeb 15

Description

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5linux/linux_kernel3.16 — 6.4

▶NVDlinux/linux_kernel3.16 — 4.14.322+6

▶Debianlinux/linux_kernel< 5.10.179-3+3

▶Ubuntulinux/linux_kernel< 5.4.0-155.172+5

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: kernel.dance ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-oem-6.0 vulnerabilities↗2023-09-19

▶

OSV

Kernel Live Patch Security Notice↗2023-09-05

▶

OSV

linux-oem-6.1 vulnerabilities↗2023-08-11

▶

OSV

linux-iot vulnerabilities↗2023-07-28

▶

OSV

linux-aws-5.19, linux-gcp-5.19, linux-hwe-5.19 vulnerabilities↗2023-07-27

▶

📋Vendor Advisories

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2023-3390↗2023-09-21

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-09-19

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-09-05

▶

💬Community

Bugzilla

CVE-2023-3610 kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE↗2023-07-24

▶

Bugzilla

CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests↗2023-06-07

▶