Lucene search

K
cvelistGoogleCVELIST:CVE-2023-0461
HistoryFeb 28, 2023 - 2:23 p.m.

CVE-2023-0461 Use-after-free vulnerability in the Linux Kernel

2023-02-2814:23:02
CWE-416
Google
www.cve.org
8
use-after-free
linux kernel
vulnerability
local privilege escalation
config_tls
config_xfrm_espintcp
icsk_ulp_data
struct inet_connection_sock
struct tls_context
setsockopt tcp_ulp
upgrade
commit
2c02d41d71f90a5168391b6a5f2954112ba2307c
cve

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

5.1%

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.

There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.

When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.

The setsockopt TCP_ULP operation does not require any privilege.

We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "kernel",
    "product": "Linux Kernel",
    "repo": "https://git.kernel.org",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "2c02d41d71f90a5168391b6a5f2954112ba2307c",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

5.1%