7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables
component can be exploited to achieve local privilege escalation. When
nf_tables_delrule() is flushing table rules, it is not checked whether the
chain is bound and the chain’s owner rule can also release the objects in
certain circumstances. We recommend upgrading past commit
6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Author | Note |
---|---|
Priority reason: By using unprivileged user namespaces, this can be exploited to achieve local privilege escalation. | |
rodrigo-zaiden | Google kCTF submission |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-82.91 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-31.31 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1043.48 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1010.10 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1043.48~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.2 | < 6.2.0-1010.10~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1045.52 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-azure | < 6.2.0-1010.10 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1045.52~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1045.52.1 | UNKNOWN |
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
google.github.io/security-research/kernelctf/rules
launchpad.net/bugs/cve/CVE-2023-3777
nvd.nist.gov/vuln/detail/CVE-2023-3777
patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2023-3777
ubuntu.com/security/notices/USN-6315-1
ubuntu.com/security/notices/USN-6316-1
ubuntu.com/security/notices/USN-6318-1
ubuntu.com/security/notices/USN-6321-1
ubuntu.com/security/notices/USN-6325-1
ubuntu.com/security/notices/USN-6328-1
ubuntu.com/security/notices/USN-6330-1
ubuntu.com/security/notices/USN-6332-1
ubuntu.com/security/notices/USN-6348-1
ubuntu.com/security/notices/USN-6385-1
www.cve.org/CVERecord?id=CVE-2023-3777