vulnerability

Red Hat: CVE-2023-1829: kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (Multiple Advisories)

Name: Red Hat: CVE-2023-1829: kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (Multiple Advisories)
Creator: Red Hat
Published: 2023-04-12T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2023, 1829, kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 7

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Apr 12, 2023

Added

Aug 9, 2023

Modified

Mar 27, 2026

Description

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report