cbcvebase.
CVE-2023-4623
published 2023-09-06

CVE-2023-4623: A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 6.1.55-1 (bookworm)linux 6.1.55-1 (bookworm)
linuxkernel>= 2.6.12 < 6.66.6
linuxlinux_kernel>= 0 < 5.10.197-15.10.197-1
linuxlinux_kernel>= 0 < 6.1.55-16.1.55-1
linuxlinux_kernel>= 0 < 6.5.3-16.5.3-1
linuxlinux_kernel>= 0 < 6.5.3-16.5.3-1
linuxlinux_kernel>= 0 < 5.4.0-165.1825.4.0-165.182
linuxlinux_kernel>= 0 < 5.15.0-87.975.15.0-87.97
linuxlinux_kernel>= 0 < 3.13.0-194.2453.13.0-194.245
linuxlinux_kernel>= 0 < 4.4.0-246.2804.4.0-246.280
linuxlinux_kernel>= 0 < 4.15.0-219.2304.15.0-219.230
linuxlinux_kernel>= 0 < 5.4.0-165.1825.4.0-165.182
linuxlinux_kernel>= 0 < 5.15.0-87.975.15.0-87.97
linuxlinux_kernel>= 2.6.12 < 4.14.3274.14.327
linuxlinux_kernel>= 4.15 < 4.19.2954.19.295
linuxlinux_kernel>= 4.20 < 5.4.2575.4.257
linuxlinux_kernel>= 5.11 < 5.15.1325.15.132
linuxlinux_kernel>= 5.16 < 6.1.536.1.53
linuxlinux_kernel>= 5.5 < 5.10.1955.10.195
linuxlinux_kernel>= 6.2 < 6.4.166.4.16
linuxlinux_kernel>= 6.5 < 6.5.36.5.3
msrccbl2_kernel_5.15.135.1-2_on_cbl_mariner_2.0
paloaltopan-os
ubuntulinux-gcp-5.15

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH