Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-31248
HistoryJul 05, 2023 - 12:00 a.m.

CVE-2023-31248

2023-07-0500:00:00
ubuntu.com
ubuntu.com
22

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.9%

Linux Kernel nftables Use-After-Free Local Privilege Escalation
Vulnerability; nft_chain_lookup_byid() failed to check whether a chain
was active and CAP_NET_ADMIN is in any user or network namespace

Notes

Author Note
eslerm reporter at Pwn2Own 2023 as ZDI-CAN-20717 CWE-416
sbeattie requires CAP_NET_ADMIN in any namespace, not just the init namespace.
Rows per page:
1-10 of 461

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.9%