Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-4207HistorySep 06, 2023 - 2:15 p.m.
CVE-2023-4207
2023-09-0614:15:11
Debian Security Bug Tracker
security-tracker.debian.org
18
cve-2023-4207
local privilege escalation
linux kernel
security vulnerability
tcf_result struct
filter
class
commit 76e42ae831991c828cffa8c37736ebfb831ad5ec
upgrade
unix
A use-after-free vulnerability in the Linux kernel’s net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 6.1.52-1 | linux_6.1.52-1_all.deb |
| Debian | 11 | all | linux | < 5.10.191-1 | linux_5.10.191-1_all.deb |
| Debian | 10 | all | linux | < 4.19.304-1 | linux_4.19.304-1_all.deb |
| Debian | 999 | all | linux | < 6.4.11-1 | linux_6.4.11-1_all.deb |
| Debian | 13 | all | linux | < 6.4.11-1 | linux_6.4.11-1_all.deb |
Related
cve
cve
CVE-2023-4207
2023-09-06 14:15:11
CVE-2023-4128
2023-08-10 17:15:12
cnvd
cnvd
Linux kernel elevation of privilege vulnerability (CNVD-2023-70084)
2023-09-11 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2023-4207)
2023-09-28 00:00:00
OracleVM 3.4 : kernel-uek (OVMSA-2023-0025)
2023-12-11 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-13019)
2023-12-06 00:00:00
cvelist
cvelist
CVE-2023-4207 Use-after-free in Linux kernel's net/sched: cls_fw component
2023-09-06 13:53:22
prion
prion
Design/Logic Flaw
2023-09-06 14:15:00
cbl_mariner
cbl_mariner
CVE-2023-4207 affecting package kernel for versions less than 5.15.131.1-2
2023-09-27 18:02:50
ubuntucve
ubuntucve
CVE-2023-4207
2023-09-06 00:00:00
CVE-2023-4128
2023-08-10 00:00:00
f5
f5
redhatcve
redhatcve
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-12-06 00:00:00
kernel security update
2023-11-22 00:00:00
kernel security, bug fix, and enhancement update
2023-11-12 00:00:00
amazon
amazon
Important: kernel
2023-09-27 22:48:00
Important: kernel
2023-09-27 22:48:00
Important: kernel
2023-09-27 22:15:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in the Linux Kernel
2024-01-24 18:45:22
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
2024-01-12 16:31:57
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-02-14 19:15:02
redhat
redhat
(RHSA-2023:7558) Important: kpatch-patch security update
2023-11-28 18:38:37
(RHSA-2023:7419) Important: kpatch-patch security update
2023-11-21 14:42:55
(RHSA-2024:0261) Important: kernel security update
2024-01-16 15:43:53
centos
centos
bpftool, kernel, perf, python security update
2024-01-12 19:36:38
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2023:7423)
2024-03-05 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3182)
2023-11-10 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3501)
2023-12-22 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0656
2023-09-27 00:00:00
osv
osv
linux - security update
2023-09-09 00:00:00
linux - security update
2024-01-10 00:00:00
Important: kernel security, bug fix, and enhancement update
2023-11-14 00:00:00
debian
debian
[SECURITY] [DSA 5492-1] linux security update
2023-09-09 21:40:33
[SECURITY] [DLA 3710-1] linux security update
2024-01-11 18:20:25
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2023-11-14 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-11-21 21:37:49