CVE-2023-3777

CWE-416 — Use After Free20 documents8 sources

Severity

7.8HIGH

EPSS

0.1%

top 81.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Linux Linux Kernel Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 6

Latest updateNov 28

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5linux/kernel5.9 — 6.5

▶NVDlinux/linux_kernel5.9 — 5.10.188+3

▶Debianlinux< 5.10.191-1+3

Also affects: Debian Linux 12.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04

Patches

Patch: git.kernel.org ↗Patch: kernel.dance ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-3v7f-rjgx-9grq: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation↗2023-09-06

▶

OSV

CVE-2023-3777: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation↗2023-09-06

▶

CVEList

Use-after-free in Linux kernel's netfilter: nf_tables component↗2023-09-06

▶

OSV

linux-oem-6.1 vulnerabilities↗2023-08-29

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2023-11-28

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-10-10

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2023-3777↗2023-10-06

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-09-19

▶

Red Hat

kernel: use-after-free in netfilter: nf_tables↗2023-09-06

▶