Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-0461
HistoryFeb 22, 2023 - 12:00 a.m.

CVE-2023-0461

2023-02-2200:00:00
ubuntu.com
ubuntu.com
100
vulnerability
linux kernel
local privilege escalation
use-after-free
configuration flag
tls
xfrm_espintcp
inet_connection_sock
struct
tls context
tcp socket
setsockopt tcp_ulp
upgrade
commit
google kctf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

There is a use-after-free vulnerability in the Linux Kernel which can be
exploited to achieve local privilege escalation. To reach the vulnerability
kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be
configured, but the operation does not require any privilege. There is a
use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When
CONFIG_TLS is enabled, user can install a tls context (struct tls_context)
on a connected tcp socket. The context is not cleared if this socket is
disconnected and reused as a listener. If a new socket is created from the
listener, the context is inherited and vulnerable. The setsockopt TCP_ULP
operation does not require any privilege. We recommend upgrading past
commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

Notes

Author Note
sbeattie reported by google kCTF, apparently.
rodrigo-zaiden for some kernels, an extra commit was applied as a follow up commit: “UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461” to properly address an error code variable during the backport. USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.
Rows per page:
1-10 of 791

References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%