Sep 06, 2023 - 12:00 a.m.

CVE-2023-4206

2023-09-06 00:00:00
ubuntu.com
linux kernel
vulnerability
use-after-free
local privilege escalation
net/sched
cls_route
security
bug
commit

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 25.6%

A use-after-free vulnerability in the Linux kernel’s net/sched: cls_route
component can be exploited to achieve local privilege escalation. When
route4_change() is called on an existing filter, the whole tcf_result
struct is always copied into the new instance of the filter. This causes a
problem when updating a filter bound to a class, as tcf_unbind_filter() is
always called on the old instance in the success path, decreasing
filter_cnt of the still referenced class and allowing it to be deleted,
leading to a use-after-free. We recommend upgrading past commit
b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
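
The counting error described above, as an added example: a simplified user-space model, not kernel code and not taken from the advisory. All model_* names are hypothetical, and the non-copying variant reflects this example's assumption that the fix stops carrying the old tcf_result over to the new filter.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct model_class  { int filter_cnt; };           /* class with its bind counter */
struct model_result { struct model_class *cls; };  /* stands in for tcf_result */
struct model_filter { struct model_result res; };

static void model_bind(struct model_result *r, struct model_class *c)
{
    r->cls = c;
    c->filter_cnt++;
}

static void model_unbind(struct model_result *r)
{
    if (r->cls) {
        r->cls->filter_cnt--;
        r->cls = NULL;
    }
}

/* Update an existing filter; copy_result=1 models the flawed path. */
static void model_change(struct model_filter *of, struct model_filter *nf, int copy_result)
{
    nf->res.cls = NULL;
    if (copy_result)
        nf->res = of->res;    /* reference copied, counter not incremented */
    model_unbind(&of->res);   /* success path always unbinds the old instance */
}

/* Returns 1 when the counter allows class deletion (filter_cnt == 0)
 * while the new filter instance still points at the class. */
int stale_reference_after_update(int copy_result)
{
    struct model_class cls = { 0 };
    struct model_filter of = { { NULL } }, nf = { { NULL } };

    model_bind(&of.res, &cls);              /* filter_cnt: 0 -> 1 */
    model_change(&of, &nf, copy_result);    /* filter_cnt: 1 -> 0 */
    return cls.filter_cnt == 0 && nf.res.cls == &cls;
}

int main(void)
{
    printf("copying result: stale=%d\n", stale_reference_after_update(1));
    printf("not copying:    stale=%d\n", stale_reference_after_update(0));
    return 0;
}
```

The invariant to check in review is that every live pointer to a class is matched by one increment of its counter; copying the result struct duplicates the pointer without the increment.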

Notes

Priority reason: By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation.
rodrigo-zaiden: fix commit also present in CVE-2023-4128, likely to be marked as duplicated.