CVE-2023-4623
Source: ubuntu.com (UB:CVE-2023-4623)
Published: 2023-09-06
Tags: linux kernel, local privilege escalation, use-after-free, hfsc qdisc, traffic control

CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
EPSS: 0 (percentile 5.1%)

A use-after-free vulnerability in the Linux kernel’s net/sched: sch_hfsc
(HFSC qdisc traffic control) component can be exploited to achieve local
privilege escalation. If a class with a link-sharing curve (i.e. with the
HFSC_FSC flag set) has a parent without a link-sharing curve, then
init_vf() will call vttree_insert() on the parent, but vttree_remove() will
be skipped in update_vf(). This leaves a dangling pointer that can cause a
use-after-free. We recommend upgrading past commit
b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Notes

Author note: Priority reason: allows local privilege escalation
sbeattie: might require CAP_NET_ADMIN in the init namespace to set up sch_hfsc scheduler
OS            Arch    Package    Affected version     Filename
Ubuntu 18.04  noarch  linux      < 4.15.0-219.230     UNKNOWN
Ubuntu 20.04  noarch  linux      < 5.4.0-165.182      UNKNOWN
Ubuntu 22.04  noarch  linux      < 5.15.0-87.97       UNKNOWN
Ubuntu 23.04  noarch  linux      < 6.2.0-35.35        UNKNOWN
Ubuntu 14.04  noarch  linux      < 3.13.0-194.245     UNKNOWN
Ubuntu 16.04  noarch  linux      < 4.4.0-246.280      UNKNOWN
Ubuntu 18.04  noarch  linux-aws  < 4.15.0-1162.175    UNKNOWN
Ubuntu 20.04  noarch  linux-aws  < 5.4.0-1112.121     UNKNOWN
Ubuntu 22.04  noarch  linux-aws  < 5.15.0-1048.53     UNKNOWN
Ubuntu 23.04  noarch  linux-aws  < 6.2.0-1014.14      UNKNOWN
(rows 1-10 of 841 shown)
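As an added example (not part of the advisory and not Ubuntu's own tooling), the following Python decides whether an installed Ubuntu kernel package version is still below the fixed version in the table above, using dpkg version ordering so that revisions such as 5.15.0-87.97 compare correctly rather than as plain strings. The FIXED table transcribes the ten rows shown; the (release, package) keys are this example's own convention.

```python
# Added example (not Ubuntu's tooling): decide whether an installed Ubuntu kernel
# package is below the fixed version this advisory lists, using dpkg version
# ordering (epoch, upstream, revision; '~' sorts before everything else).
import re

# First fixed versions transcribed from the advisory table, keyed (release, package).
FIXED = {
    ("14.04", "linux"): "3.13.0-194.245", ("16.04", "linux"): "4.4.0-246.280",
    ("18.04", "linux"): "4.15.0-219.230", ("20.04", "linux"): "5.4.0-165.182",
    ("22.04", "linux"): "5.15.0-87.97", ("23.04", "linux"): "6.2.0-35.35",
    ("18.04", "linux-aws"): "4.15.0-1162.175", ("20.04", "linux-aws"): "5.4.0-1112.121",
    ("22.04", "linux-aws"): "5.15.0-1048.53", ("23.04", "linux-aws"): "6.2.0-1014.14",
}

def _order(c):
    """dpkg character weight: '~' < end of string < letters < other symbols."""
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one component (upstream or revision) the way dpkg's verrevcmp does."""
    sign = lambda d: (d > 0) - (d < 0)
    while a or b:
        pa, pb = re.match(r"\D*", a).group(0), re.match(r"\D*", b).group(0)
        a, b = a[len(pa):], b[len(pb):]
        for i in range(max(len(pa), len(pb))):  # non-digit run, char by char
            d = _order(pa[i:i + 1]) - _order(pb[i:i + 1])
            if d:
                return sign(d)
        na, nb = re.match(r"\d*", a).group(0), re.match(r"\d*", b).group(0)
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):  # numeric run, compared as integers
            return sign(int(na or 0) - int(nb or 0))
    return 0

def dpkg_compare(v1, v2):
    """Return -1, 0 or 1 with the same ordering as `dpkg --compare-versions`."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return (e1 > e2) - (e1 < e2)
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_vulnerable(release, package, installed):
    """True if `installed` is older than the fixed version; None if not in the table."""
    fixed = FIXED.get((release, package))
    return None if fixed is None else dpkg_compare(installed, fixed) < 0
```

Feed it the package version rather than `uname -r`, for example the output of `dpkg-query -W -f='${Version}' linux-image-$(uname -r)`, because the kernel release string omits the upload number after the ABI.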
