Lucene search

[email protected]CVE-2023-4244

HistorySep 06, 2023 - 2:15 p.m.

CVE-2023-4244

2023-09-0614:15:11

CWE-416

[email protected]

web.nvd.nist.gov

120

cve-2023-4244

linux kernel

netfilter

nf_tables

use-after-free vulnerability

local privilege escalation

nvd

security

upgrade

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation.

Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.

We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.

Affected configurations

Vulners

NVD

Node

linuxlinux_kernelRange0.0–6.5

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "vendor": "Linux",
    "product": "Kernel",
    "packageName": "kernel",
    "repo": "https://git.kernel.org",
    "versions": [
      {
        "status": "affected",
        "version": "0.0",
        "lessThan": "6.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]