CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:5069	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5091	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4147	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2225239	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211	Mailing List Patch
https://www.spinics.net/lists/stable/msg671573.html	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc3::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

History

16 Sep 2024, 13:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://security.netapp.com/advisory/ntap-20231020-0006/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://www.debian.org/security/2023/dsa-5480', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://www.debian.org/security/2023/dsa-5492', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~

26 Aug 2024, 16:08

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:7382 -~~	() https://access.redhat.com/errata/RHSA-2023:7382 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7389 -~~	() https://access.redhat.com/errata/RHSA-2023:7389 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7411 -~~	() https://access.redhat.com/errata/RHSA-2023:7411 - Third Party Advisory

21 Nov 2023, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7411 - () https://access.redhat.com/errata/RHSA-2023:7382 - () https://access.redhat.com/errata/RHSA-2023:7389 -

02 Nov 2023, 02:17

Type	Values Removed	Values Added
CPE		cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::*
References	~~(MISC) https://www.debian.org/security/2023/dsa-5480 -~~	(MISC) https://www.debian.org/security/2023/dsa-5480 - Third Party Advisory
References	~~(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html -~~	(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5093 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5093 - Third Party Advisory
References	~~(MISC) https://www.debian.org/security/2023/dsa-5492 -~~	(MISC) https://www.debian.org/security/2023/dsa-5492 - Third Party Advisory
References	~~(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ -~~	(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5069 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5069 - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5091 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5091 - Third Party Advisory
First Time		Debian debian Linux Redhat enterprise Linux Eus Redhat enterprise Linux For Real Time Redhat enterprise Linux Server Aus Redhat enterprise Linux For Real Time For Nfv Debian

20 Oct 2023, 15:15

Type	Values Removed	Values Added
References		(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ -

20 Oct 2023, 00:15

Type	Values Removed	Values Added
References		(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html -

12 Sep 2023, 16:15

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/errata/RHSA-2023:5069 - (MISC) https://access.redhat.com/errata/RHSA-2023:5093 - (MISC) https://access.redhat.com/errata/RHSA-2023:5091 -

10 Sep 2023, 12:16

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5492 -

19 Aug 2023, 18:17

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5480 -

15 Aug 2023, 14:27

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2225239 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2225239 - Issue Tracking, Patch, Third Party Advisory
References	~~(MISC) https://www.spinics.net/lists/stable/msg671573.html -~~	(MISC) https://www.spinics.net/lists/stable/msg671573.html - Mailing List, Patch
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 - Mailing List, Patch
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-4147 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-4147 - Patch, Third Party Advisory
CWE		CWE-416
CPE		cpe:2.3:o:linux:linux_kernel:6.5:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.5:rc3:::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:linux:linux_kernel:6.5:rc2:::::: cpe:2.3:o:fedoraproject:fedora:38:::::::*
First Time		Fedoraproject Linux Redhat Linux linux Kernel Fedoraproject fedora Redhat enterprise Linux

07 Aug 2023, 15:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-07 14:15

Updated : 2024-09-16 13:15

NVD link : CVE-2023-4147

Mitre link : CVE-2023-4147

CVE.ORG link : CVE-2023-4147

JSON object : View

Products Affected

redhat

enterprise_linux_for_real_time_for_nfv
enterprise_linux
enterprise_linux_eus
enterprise_linux_for_real_time
enterprise_linux_server_aus

linux

linux_kernel

fedoraproject

fedora

debian

debian_linux

CWE

CWE-416

Use After Free

7.8 /10