PRIOn knowledge basePRION:CVE-2023-4128Design/Logic Flaw in Fedoraproject - Fedora
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 37 | |
| fedora | eq | 38 | |
| linux_kernel | eq | 6.5 rc1 | |
| linux_kernel | lt | 6.5 | |
| linux_kernel | eq | 6.5 rc2 | |
| linux_kernel | eq | 6.5 rc3 | |
| linux_kernel | eq | 6.5 rc4 | |
| linux_kernel | eq | 6.5 | |
| enterprise_linux | eq | 7.0 | |
| enterprise_linux | eq | 8.0 |
References
packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
access.redhat.com/errata/RHSA-2023:5235
access.redhat.com/errata/RHSA-2023:5238
access.redhat.com/errata/RHSA-2023:5548
access.redhat.com/errata/RHSA-2023:5575
access.redhat.com/errata/RHSA-2023:5580
access.redhat.com/errata/RHSA-2023:5588
access.redhat.com/errata/RHSA-2023:5589
access.redhat.com/errata/RHSA-2023:5603
access.redhat.com/errata/RHSA-2023:5604
access.redhat.com/errata/RHSA-2023:5627
access.redhat.com/errata/RHSA-2023:5628
access.redhat.com/errata/RHSA-2023:5775
access.redhat.com/errata/RHSA-2023:5794
access.redhat.com/security/cve/CVE-2023-4128
bugzilla.redhat.com/show_bug.cgi?id=2225511
lists.debian.org/debian-lts-announce/2023/10/msg00027.html
lists.fedoraproject.org/archives/list/[email protected]/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/
lists.fedoraproject.org/archives/list/[email protected]/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/
lore.kernel.org/netdev/[email protected]/
security.netapp.com/advisory/ntap-20231027-0002/
www.debian.org/security/2023/dsa-5480
www.debian.org/security/2023/dsa-5492
Related
