A use-after-free vulnerability in the Linux kernel’s net/sched: sch_hfsc
(HFSC qdisc traffic control) component can be exploited to achieve local
privilege escalation. If a class with a link-sharing curve (i.e. with the
HFSC_FSC flag set) has a parent without a link-sharing curve, then
init_vf() will call vttree_insert() on the parent, but vttree_remove() will
be skipped in update_vf(). This leaves a dangling pointer that can cause a
use-after-free. We recommend upgrading past commit
b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Priority reason: allows local privilege escalation

Author | Note |
---|---|
sbeattie | might require CAP_NET_ADMIN in the init namespace to set up sch_hfsc scheduler |

OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-219.230 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-165.182 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-87.97 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-35.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-194.245 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-246.280 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1162.175 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1112.121 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1048.53 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1014.14 | UNKNOWN |
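
A patch-level check built from the table above, as an added example that is not part of the original advisory. The names `FIXED`, `version_key`, `status` and `audit` are hypothetical, the inventory rows are constructed, and the listed versions are assumed to be the first fixed package version for each release.

```python
import re

# Versions from the table above, read as the first fixed package version
# for each (Ubuntu release, package) pair. That reading is an assumption.
FIXED = {
    ("14.04", "linux"): "3.13.0-194.245",
    ("16.04", "linux"): "4.4.0-246.280",
    ("18.04", "linux"): "4.15.0-219.230",
    ("20.04", "linux"): "5.4.0-165.182",
    ("22.04", "linux"): "5.15.0-87.97",
    ("23.04", "linux"): "6.2.0-35.35",
    ("18.04", "linux-aws"): "4.15.0-1162.175",
    ("20.04", "linux-aws"): "5.4.0-1112.121",
    ("22.04", "linux-aws"): "5.15.0-1048.53",
    ("23.04", "linux-aws"): "6.2.0-1014.14",
}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)")

def version_key(version):
    """Return (major, minor, patch, abi, upload) as integers."""
    # Simplified: trailing suffixes such as '~20.04.1' are ignored, so this
    # is not a full Debian version comparison.
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised kernel package version: {version!r}")
    return tuple(int(field) for field in match.groups())

def status(release, package, installed):
    """Classify one install as 'vulnerable', 'fixed' or 'unknown'."""
    fixed = FIXED.get((release, package))
    if fixed is None:
        return "unknown"  # release/package pair is not in the table
    return "vulnerable" if version_key(installed) < version_key(fixed) else "fixed"

def audit(inventory):
    """Map host -> status for (host, release, package, version) rows."""
    return {host: status(rel, pkg, ver) for host, rel, pkg, ver in inventory}

if __name__ == "__main__":
    # Constructed inventory for illustration; hosts and versions are made up.
    sample = [
        ("web-01", "22.04", "linux", "5.15.0-86.96"),
        ("web-02", "22.04", "linux", "5.15.0-87.97"),
        ("aws-01", "20.04", "linux-aws", "5.4.0-1111.120"),
        ("lab-01", "24.04", "linux", "6.8.0-31.31"),
    ]
    for host, result in audit(sample).items():
        print(f"{host}: {result}")
```

The version string must be the kernel package version as reported by dpkg (with the upload number after the dot), not the `uname -r` string, which `version_key` rejects.
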
git.kernel.org/linus/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f
kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
launchpad.net/bugs/cve/CVE-2023-4623
nvd.nist.gov/vuln/detail/CVE-2023-4623
security-tracker.debian.org/tracker/CVE-2023-4623
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6439-1
ubuntu.com/security/notices/USN-6439-2
ubuntu.com/security/notices/USN-6440-1
ubuntu.com/security/notices/USN-6440-2
ubuntu.com/security/notices/USN-6440-3
ubuntu.com/security/notices/USN-6441-1
ubuntu.com/security/notices/USN-6441-2
ubuntu.com/security/notices/USN-6441-3
ubuntu.com/security/notices/USN-6442-1
ubuntu.com/security/notices/USN-6444-1
ubuntu.com/security/notices/USN-6444-2
ubuntu.com/security/notices/USN-6445-1
ubuntu.com/security/notices/USN-6445-2
ubuntu.com/security/notices/USN-6446-1
ubuntu.com/security/notices/USN-6446-2
ubuntu.com/security/notices/USN-6446-3
ubuntu.com/security/notices/USN-6460-1
ubuntu.com/security/notices/USN-6466-1
www.cve.org/CVERecord?id=CVE-2023-4623