cve/2023/CVE-2023-1829.md

### [CVE-2023-1829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829)
![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.8%3C%3D%206.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)

### Description

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

### POC

#### Reference
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28

#### Github
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/N1ghtu/RWCTF6th-RIPTC
- https://github.com/Threekiii/CVE
- https://github.com/lanleft/CVE2023-1829
- https://github.com/star-sg/CVE
- https://github.com/xairy/linux-kernel-exploitation
-												Update Sat May 25 21:48:12 CEST 2024

											
										
										
											2024-05-25 21:48:12 +02:00
+								### [CVE-2023-1829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829)
 								![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel&color=blue)
 								![](https://img.shields.io/static/v1?label=Version&message=3.8%3C%3D%206.2%20&color=brighgreen)
 								![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
 								### Description
 								A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
 								### POC
 								#### Reference
 								- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28
 								#### Github
 								- https://github.com/EGI-Federation/SVG-advisories
 								- https://github.com/N1ghtu/RWCTF6th-RIPTC
 								- https://github.com/Threekiii/CVE
 								- https://github.com/lanleft/CVE2023-1829
 								- https://github.com/star-sg/CVE
 								- https://github.com/xairy/linux-kernel-exploitation