A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.
We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
References
Link | Resource |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8 | Issue Tracking Mailing List Patch Vendor Advisory |
https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html |
Configurations
History
11 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Oct 2023, 02:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
20 Oct 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Sep 2023, 18:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-416 | |
First Time |
Linux
Linux linux Kernel |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8 - Issue Tracking, Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 - Patch, Vendor Advisory |
06 Sep 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-06 14:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4244
Mitre link : CVE-2023-4244
CVE.ORG link : CVE-2023-4244
JSON object : View
Products Affected
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-416
Use After Free