cbcvebase.
CVE-2023-4004
published 2023-07-31

CVE-2023-4004: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlinux< linux 6.1.52-1 (bookworm)linux 6.1.52-1 (bookworm)
fedoraprojectfedora
linuxlinux_kernel>= 0 < 5.10.191-15.10.191-1
linuxlinux_kernel>= 0 < 6.1.52-16.1.52-1
linuxlinux_kernel>= 0 < 6.4.11-16.4.11-1
linuxlinux_kernel>= 0 < 6.4.11-16.4.11-1
linuxlinux_kernel>= 0 < 5.15.0-82.915.15.0-82.91
linuxlinux_kernel>= 0 < 4.4.0-246.2804.4.0-246.280
linuxlinux_kernel>= 0 < 4.4.0-245.2794.4.0-245.279
linuxlinux_kernel>= 0 < 4.15.0-219.2304.15.0-219.230
linuxlinux_kernel>= 0 < 4.15.0-218.2294.15.0-218.229
linuxlinux_kernel>= 0 < 5.4.0-165.1825.4.0-165.182
linuxlinux_kernel>= 0 < 5.4.0-205.2255.4.0-205.225
linuxlinux_kernel>= 0 < 5.15.0-87.975.15.0-87.97
linuxlinux_kernel>= 0 < 5.15.0-84.935.15.0-84.93
linuxlinux_kernel>= 5.11 < 5.15.1235.15.123
linuxlinux_kernel>= 5.16 < 6.1.426.1.42
linuxlinux_kernel>= 5.6 < 5.10.1885.10.188
linuxlinux_kernel>= 6.2 < 6.4.76.4.7
msrccbl2_kernel_5.15.126.1-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH