CVE-2023-0461

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 67

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.

There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.

When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.

The setsockopt TCP_ULP operation does not require any privilege.

We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2023-02-28 15:15:11
(18 months ago)
Updated Date: 2023-06-06 19:16:28
(15 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.13.0 version and prior 4.14.303 version	cpe:2.3:o:linux:linux_kernel	>= 4.13.0	< 4.14.303
Linux Kernel from 4.19 version and prior 4.19.270 version	cpe:2.3:o:linux:linux_kernel	>= 4.19	< 4.19.270
Linux Kernel from 5.4 version and prior 5.4.229 version	cpe:2.3:o:linux:linux_kernel	>= 5.4	< 5.4.229
Linux Kernel from 5.10 version and prior 5.10.163 version	cpe:2.3:o:linux:linux_kernel	>= 5.10	< 5.10.163
Linux Kernel from 5.15 version and prior 5.15.88 version	cpe:2.3:o:linux:linux_kernel	>= 5.15	< 5.15.88
Linux Kernel from 6.0 version and prior 6.0.19 version	cpe:2.3:o:linux:linux_kernel	>= 6.0	< 6.0.19
Linux Kernel from 6.1 version and prior 6.1.5 version	cpe:2.3:o:linux:linux_kernel	>= 6.1	< 6.1.5
Linux Kernel 6.2 Rc1	cpe:2.3:o:linux:linux_kernel:6.2:rc1
Linux Kernel 6.2 Rc2	cpe:2.3:o:linux:linux_kernel:6.2:rc2