admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-0461.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

28 lines
1.9 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### [CVE-2023-0461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0461)
![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202c02d41d71f90a5168391b6a5f2954112ba2307c%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
### Description
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.The setsockopt TCP_ULP operation does not require any privilege.We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
### POC
#### Reference
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/borzakovskiy/CoolSols
- https://github.com/c0debatya/CoolSols
- https://github.com/hheeyywweellccoommee/linux-4.19.72_CVE-2023-0461-ycnbd
- https://github.com/hshivhare67/kernel_v4.19.72_CVE-2023-0461
- https://github.com/nidhi7598/linux-4.19.72_CVE-2023-0461
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rockrid3r/CoolSols
- https://github.com/sysca11/CoolSols
- https://github.com/xairy/linux-kernel-exploitation
Reference in New Issue View Git Blame Copy Permalink