cve/CVE-2023-4206.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 3428c6bdc6 Update CVE sources 2024-08-05 18:41

2024-08-05 18:41:32 +00:00

Description

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.

POC

Reference

No PoCs from references.

Github

https://github.com/EGI-Federation/SVG-advisories
https://github.com/cvestone/CtfCollections
https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208
https://github.com/nomi-sec/PoC-in-GitHub

1.3 KiB Raw Blame History

CVE-2023-4206

Description

POC

Reference

Github

1.3 KiB

Raw Blame History