CVE-2023-1281

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 55

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.
This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2023-03-22 14:15:16
(18 months ago)
Updated Date: 2023-06-26 16:57:22
(14 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.14 version and prior 5.10.169 version	cpe:2.3:o:linux:linux_kernel	>= 4.14	< 5.10.169
Linux Kernel from 5.11 version and prior 5.15.95 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.95
Linux Kernel from 5.16 version and prior 6.1.13 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.13
Linux Kernel 6.2 Rc1	cpe:2.3:o:linux:linux_kernel:6.2:rc1
Linux Kernel 6.2 Rc2	cpe:2.3:o:linux:linux_kernel:6.2:rc2
Linux Kernel 6.2 Rc3	cpe:2.3:o:linux:linux_kernel:6.2:rc3
Linux Kernel 6.2 Rc4	cpe:2.3:o:linux:linux_kernel:6.2:rc4
Linux Kernel 6.2 Rc5	cpe:2.3:o:linux:linux_kernel:6.2:rc5
Linux Kernel 6.2 Rc6	cpe:2.3:o:linux:linux_kernel:6.2:rc6
Linux Kernel 6.2 Rc7	cpe:2.3:o:linux:linux_kernel:6.2:rc7
Linux Kernel 6.2 Rc8	cpe:2.3:o:linux:linux_kernel:6.2:rc8