2023-09-06 16:00:28 +00:00
{
"id" : "CVE-2023-4208" ,
"sourceIdentifier" : "cve-coordination@google.com" ,
"published" : "2023-09-06T14:15:11.627" ,
2024-02-15 17:00:34 +00:00
"lastModified" : "2024-02-15T15:57:17.537" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-06 16:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.\n\n"
2024-01-11 21:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "Una vulnerabilidad de Use After Free en el componente net/sched: cls_u32 del kernel de Linux puede ser explotada para conseguir una escalada local de privilegios. Cuando se llama a u32_change() en un filtro existente, toda la estructura tcf_result se copia siempre en la nueva instancia del filtro. Esto causa un problema cuando se actualiza un filtro vinculado a una clase, ya que tcf_unbind_filter() siempre llama a la instancia antigua en la ruta de \u00e9xito, disminuyendo filter_cnt de la clase a\u00fan referenciada y permitiendo que se elimine, lo que lleva a un Use After Free. Recomendamos actualizar el commit a partir de 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81."
2023-09-06 16:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-09-11 20:00:29 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
} ,
2023-09-06 16:00:28 +00:00
{
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
2023-09-11 20:00:29 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
} ,
2023-09-06 16:00:28 +00:00
{
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
2023-09-11 20:00:29 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
2024-02-15 17:00:34 +00:00
"versionStartIncluding" : "3.18" ,
"versionEndExcluding" : "4.14.322" ,
"matchCriteriaId" : "1F7D3B5B-3896-4B9A-A0DF-07217A321EA9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.15" ,
"versionEndExcluding" : "4.19.291" ,
"matchCriteriaId" : "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.20" ,
"versionEndExcluding" : "5.4.253" ,
"matchCriteriaId" : "0707E9FF-8CDE-4AC1-98F3-5BB74EF88F8A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.10.190" ,
"matchCriteriaId" : "B8DECE4F-2D62-4976-B338-963015198AC8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.126" ,
"matchCriteriaId" : "C552AC9E-23B8-4D7D-AA26-57985BD93962"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "6.1.45" ,
"matchCriteriaId" : "A0CA013D-55AF-4494-A931-AFC8EA64E875"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndExcluding" : "6.4.10" ,
"matchCriteriaId" : "7BB0D94C-4FCE-46F4-A8D4-062D6A84627A"
2023-09-11 20:00:29 +00:00
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
] ,
2023-09-06 16:00:28 +00:00
"references" : [
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" ,
2023-09-11 20:00:29 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Vendor Advisory"
]
2023-09-06 16:00:28 +00:00
} ,
{
"url" : "https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" ,
2023-09-11 20:00:29 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Vendor Advisory"
]
2023-09-10 14:00:27 +00:00
} ,
2024-01-11 21:00:28 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" ,
2024-02-15 17:00:34 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Third Party Advisory"
]
2024-01-11 21:00:28 +00:00
} ,
2023-09-10 14:00:27 +00:00
{
"url" : "https://www.debian.org/security/2023/dsa-5492" ,
2023-09-11 20:00:29 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Third Party Advisory"
]
2023-09-06 16:00:28 +00:00
}
]
}
