CVE-2023-4207
Summary
| CVE | CVE-2023-4207 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-09-06 14:15:00 UTC |
|---|
| Updated | 2024-02-05 19:55:00 UTC |
|---|
| Description | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec |
MISC |
kernel.dance |
|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
MISC |
git.kernel.org |
|
| lists.debian.org/debian-lts-announce/2024/01/msg00004.html |
|
lists.debian.org |
Mailing List, Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-5492-1 linux |
MISC |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161066 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-6583)
- 161147 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7077)
- 161194 Oracle Enterprise Linux Security Update for kernel (ELSA-2023-7423)
- 161211 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-13019)
- 242399 Red Hat Update for kernel security (RHSA-2023:6583)
- 242434 Red Hat Update for kernel-rt security (RHSA-2023:6901)
- 242451 Red Hat Update for kernel security (RHSA-2023:7077)
- 242482 Red Hat Update for kernel-rt (RHSA-2023:7379)
- 242497 Red Hat Update for kpatch-patch (RHSA-2023:7418)
- 242498 Red Hat Update for kernel-rt (RHSA-2023:7424)
- 242501 Red Hat Update for kernel (RHSA-2023:7423)
- 242502 Red Hat Update for kpatch-patch (RHSA-2023:7419)
- 242518 Red Hat Update for kpatch-patch (RHSA-2023:7558)
- 242521 Red Hat Update for kernel security (RHSA-2023:7539)
- 242612 Red Hat Update for kernel security (RHSA-2023:7370)
- 257270 Centos Security Update for kernel
- 257295 CentOS Security Update for kernel (CESA-2023:7423)
- 356357 Amazon Linux Security Advisory for kernel : ALAS-2023-1838
- 356409 Amazon Linux Security Advisory for kernel : ALAS2-2023-2264
- 356571 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2023-155
- 356578 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2023-054
- 356584 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2023-152
- 356588 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2023-154
- 356595 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2023-153
- 356599 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2023-151
- 390293 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2023-0025)
- 6000220 Debian Security Update for linux (DSA 5492-1)
- 6000429 Debian Security Update for linux (DLA 3710-1)
- 673406 EulerOS Security Update for kernel (EulerOS-SA-2023-3182)
- 673563 EulerOS Security Update for kernel (EulerOS-SA-2024-1144)
- 673848 EulerOS Security Update for kernel (EulerOS-SA-2023-3217)
- 907297 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (28678-1)
- 941453 AlmaLinux Security Update for kernel (ALSA-2023:7077)
