CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables
component can be exploited to achieve local privilege escalation. The
function nft_trans_gc_catchall did not remove the catchall set element from
the catchall_list when the argument sync is true, making it possible to
free a catchall set element many times. We recommend upgrading past commit
93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.
Author | Note |
---|---|
rodrigo-zaiden | Google kCTF submission for 5.15 kernels, there was never a release with the commit that introduces the issue. in version 5.15.0-94.104 for the generic kernel, and for the kernels that derivate from that version, both the break and the fix commit were added, but still, there is no vulnerable version released. hence, Ubuntu 5.15 kernels are not-affected. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux-oem-6.1 | < 6.1.0-1028.28 | UNKNOWN |
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93995bf4af2c5a99e2a87f0cd5ce547d31eb7630
launchpad.net/bugs/cve/CVE-2023-6111
nvd.nist.gov/vuln/detail/CVE-2023-6111
patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2023-6111
ubuntu.com/security/notices/USN-6576-1
www.cve.org/CVERecord?id=CVE-2023-6111