CVE-2023-4015

CVSS v3.1 7.8 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 15

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used.

We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2023-09-06 14:15:11
(12 months ago)
Updated Date: 2023-12-12 14:31:41
(9 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.9 version and prior 5.10.190 version	cpe:2.3:o:linux:linux_kernel	>= 5.9	< 5.10.190
Linux Kernel from 5.11 version and prior 5.15.124 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.124
Linux Kernel from 5.16 version and prior 6.1.43 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.43
Linux Kernel from 6.2 version and prior 6.4.8 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.4.8

Configuration #2

		CPE23	From	Up To
	Debian Linux 12.0	cpe:2.3:o:debian:debian_linux:12.0