CVE-2023-4244

CWE-416: Use After Free
25 documents, 8 sources

Severity: 7.0 HIGH
EPSS: 0.0% (top 95.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6; latest update Mar 25

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5: linux/kernel 0.06.5
Debian: linux < 5.10.197-1+3

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (8)

OSV: linux-azure vulnerabilities (2024-01-09)
OSV: linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities (2023-11-21)
OSV: linux-oracle-5.15 vulnerabilities (2023-10-26)
OSV: linux-gcp-5.15, linux-gkeop-5.15 vulnerabilities (2023-10-24)
OSV: linux-starfive-6.2 vulnerabilities (2023-10-24)

📋 Vendor Advisories (16)

Ubuntu: Linux kernel (Azure) vulnerabilities (2024-03-25)
Ubuntu: Linux kernel (AWS) vulnerabilities (2024-03-19)
Ubuntu: Linux kernel vulnerabilities (2024-03-13)
Ubuntu: Linux kernel vulnerabilities (2024-03-11)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-01-09)