QID 356571

a use-after-free vulnerability in the linux kernels netfilter: nf_tables component can be exploited to achieve local privilege escalation. when nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chains owner rule can also release the objects in certain circumstances. we recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. (
( CVE-2023-3777) a use-after-free flaw was found in the linux kernels netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a nft_set_ext_key_end.
This issue could allow a local user to crash the system or potentially escalate their privileges on the system. (
( CVE-2023-4004) netfilter: nf_tables: disallow rule addition to bound chain via nfta_rule_chain_id (cve-2023-4147) a use-after-free vulnerability in the linux kernels net/sched: cls_route component can be exploited to achieve local privilege escalation. when route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. we recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. (
( CVE-2023-4206) a use-after-free vulnerability in the linux kernels net/sched: cls_fw component can be exploited to achieve local privilege escalation. when fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.