1. Home
  2. Vulnerabilities
  3. CVE-2023-4207

CVE-2023-4207

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 2
Advisories 15
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.

When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.

We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.

Weaknesses
CWE-416
Use After Free
Related CVEs
CVE Status
PUBLISHED
CNA
Google Inc.
Published Date
2023-09-06 14:15:11
(12 months ago)
Updated Date
2024-02-05 19:55:24
(7 months ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.18 version and prior 4.14.326 version cpe:2.3:o:linux:linux_kernel >= 3.18 < 4.14.326
  Linux Kernel from 4.15 version and prior 4.19.295 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.295
  Linux Kernel from 4.20 version and prior 5.4.253 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.253
  Linux Kernel from 5.5 version and prior 5.10.190 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.190
  Linux Kernel from 5.11 version and prior 5.15.126 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.15.126
  Linux Kernel from 5.16 version and prior 6.1.45 version cpe:2.3:o:linux:linux_kernel >= 5.16 < 6.1.45
  Linux Kernel from 6.2 version and prior 6.4.10 version cpe:2.3:o:linux:linux_kernel >= 6.2 < 6.4.10

Configuration #2

    CPE23 From Up To
  Debian Linux 12.0 cpe:2.3:o:debian:debian_linux:12.0