CVE-2023-4206

CWE-416Use After Free8 documents7 sources
Severity
7.8HIGH
EPSS
0.1%
top 77.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelLinux Linux KernelDebian Debian Linux
Timeline
PublishedSep 6
Latest updateSep 12

Description

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be delet

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5linux/kernel3.186.5
NVDlinux/linux_kernel3.184.14.322+6
Debianlinux< 5.10.191-1+3

Also affects: Debian Linux 12.0

Patches

Patch: git.kernel.orgPatch: kernel.dancePatch: git.kernel.org

🔴Vulnerability Details

3
OSV
CVE-2023-4206: A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation2023-09-06
CVEList
Use-after-free in Linux kernel's net/sched: cls_route component2023-09-06
GHSA
GHSA-r8pm-459q-x6hw: A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation2023-09-06

📋Vendor Advisories

4
Microsoft
Use-after-free in Linux kernel's net/sched: cls_route component2023-09-12
Red Hat
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route2023-07-29
Red Hat
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route2023-07-29
Debian
CVE-2023-4206: linux - A use-after-free vulnerability in the Linux kernel's net/sched: cls_route compon...2023