vulnerability
Red Hat: CVE-2023-4623: kernel: net/sched: sch_hfsc UAF (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 2023-09-06 | 2024-01-25 | 2025-02-20 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
2023-09-06
Added
2024-01-25
Modified
2025-02-20
Description
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
Solution(s)
redhat-upgrade-kernelredhat-upgrade-kernel-rt
References
- NVD-CVE-2023-4623
- REDHAT-RHSA-2024:0340
- REDHAT-RHSA-2024:0378
- REDHAT-RHSA-2024:0381
- REDHAT-RHSA-2024:0386
- REDHAT-RHSA-2024:0412
- REDHAT-RHSA-2024:0431
- REDHAT-RHSA-2024:0432
- REDHAT-RHSA-2024:0439
- REDHAT-RHSA-2024:0448
- REDHAT-RHSA-2024:0461
- REDHAT-RHSA-2024:0554
- REDHAT-RHSA-2024:0575
- REDHAT-RHSA-2024:0876
- REDHAT-RHSA-2024:0881
- REDHAT-RHSA-2024:0897
- REDHAT-RHSA-2024:1960
- REDHAT-RHSA-2024:2003
- REDHAT-RHSA-2024:2004
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.