CVE-2023-4208
published 2023-09-06CVE-2023-4208: A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.52-1 (bookworm) | linux 6.1.52-1 (bookworm) |
| chrome_chrome | — | — | |
| linux | kernel | >= 3.18 < 6.5 | 6.5 |
| linux | linux_kernel | >= 0 < 5.10.191-1 | 5.10.191-1 |
| linux | linux_kernel | >= 0 < 6.1.52-1 | 6.1.52-1 |
| linux | linux_kernel | >= 0 < 6.4.11-1 | 6.4.11-1 |
| linux | linux_kernel | >= 0 < 6.4.11-1 | 6.4.11-1 |
| linux | linux_kernel | >= 3.18 < 4.14.322 | 4.14.322 |
| linux | linux_kernel | >= 4.15 < 4.19.291 | 4.19.291 |
| linux | linux_kernel | >= 4.20 < 5.4.253 | 5.4.253 |
| linux | linux_kernel | >= 5.11 < 5.15.126 | 5.15.126 |
| linux | linux_kernel | >= 5.16 < 6.1.45 | 6.1.45 |
| linux | linux_kernel | >= 5.5 < 5.10.190 | 5.10.190 |
| linux | linux_kernel | >= 6.2 < 6.4.10 | 6.4.10 |
| msrc | cbl2_kernel_5.15.131.1-2_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH