vulnerability
Ubuntu: (CVE-2023-4206): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 2023-09-06 | 2024-11-19 | 2025-04-01 |
Description
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.
When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
Solution(s)
References
- CVE-2023-4206
- https://attackerkb.com/topics/CVE-2023-4206
- URL-https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
- URL-https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
- URL-https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
- URL-https://www.cve.org/CVERecord?id=CVE-2023-4206
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.