Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2023-1829
History: Apr 12, 2023 - 12:00 a.m.

CVE-2023-1829

Tags: use-after-free, linux kernel, traffic control, privilege escalation, vulnerability, local attacker, double freeing, filters, perfect hashes, root privileges, bugzilla suse

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 17.1%

A use-after-free vulnerability in the Linux kernel traffic control index
filter (tcindex) can be exploited to achieve local privilege escalation.
The tcindex_delete function does not properly deactivate filters in the
case of perfect hashes while deleting the underlying structure, which can
later lead to double freeing the structure. A local attacker can use
this vulnerability to elevate privileges to root. We recommend
upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
