CVE-2023-4207

CVE Details

Release Date:2023-07-29

Description


A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.

See more information about CVE-2023-4207 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 7.8 Base Metrics: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: High Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (kernel-uek)ELSA-2023-130192023-12-06
Oracle Linux version 7 (kernel)ELSA-2023-74232023-11-22
Oracle Linux version 7 (kernel-uek)ELSA-2023-130192023-12-06
Oracle Linux version 8 (kernel)ELSA-2023-70772023-11-17
Oracle Linux version 9 (kernel)ELSA-2023-65832023-11-12
Oracle VM version 3 (kernel-uek)OVMSA-2023-00252023-12-07



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete