2023-09-06 16:00:28 +00:00
{
"id" : "CVE-2023-3777" ,
"sourceIdentifier" : "cve-coordination@google.com" ,
"published" : "2023-09-06T14:15:10.860" ,
2025-03-20 17:04:09 +00:00
"lastModified" : "2025-03-20T17:00:02.777" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-06 16:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
2025-02-13 19:04:13 +00:00
"value" : "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8."
2023-10-11 20:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "Una vulnerabilidad de Use-After-Free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. Cuando nf_tables_delrule() vac\u00eda las reglas de la tabla, no se verifica si la cadena est\u00e1 vinculada y la regla del propietario de la cadena tambi\u00e9n puede liberar los objetos en determinadas circunstancias. Recomendamos actualizar al pasado commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.\n"
2023-09-06 16:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-09-11 18:00:31 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
2023-09-11 18:00:31 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
2023-09-11 18:00:31 +00:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-11 18:00:31 +00:00
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
} ,
2023-09-06 16:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-09-06 16:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
2023-09-06 16:00:28 +00:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-06 16:00:28 +00:00
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
2023-09-11 18:00:31 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "cve-coordination@google.com" ,
"type" : "Secondary" ,
2023-09-11 18:00:31 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
} ,
2023-09-06 16:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-09-06 16:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
2023-09-11 18:00:31 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
2024-08-26 18:03:13 +00:00
"versionStartIncluding" : "5.9" ,
"versionEndExcluding" : "5.10.188" ,
"matchCriteriaId" : "D00465E7-4C90-4F70-BFB1-A877E520AD2B"
2023-09-11 18:00:31 +00:00
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
2024-08-26 18:03:13 +00:00
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.123" ,
"matchCriteriaId" : "372C0BAA-44F5-4829-A7B0-E4924B682DA4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "6.1.42" ,
"matchCriteriaId" : "6E769E6A-7EEF-4FA8-BF41-6CA1CE537361"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.2" ,
"versionEndExcluding" : "6.4.7" ,
"matchCriteriaId" : "60A1A1ED-EA6C-42F6-80D3-3316DC7608C7"
2023-09-11 18:00:31 +00:00
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
2023-10-29 09:06:41 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" ,
"matchCriteriaId" : "815D70A8-47D3-459C-A32C-9FEACA0659D1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" ,
"matchCriteriaId" : "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "902B8056-9E37-443B-8905-8AA93E2447FB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "359012F1-2C63-415A-88B8-6726A87830DE"
}
]
}
]
2023-09-11 18:00:31 +00:00
}
] ,
2023-09-06 16:00:28 +00:00
"references" : [
2023-10-11 20:00:28 +00:00
{
"url" : "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" ,
2023-10-29 09:06:41 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
2023-10-11 20:00:28 +00:00
} ,
2023-11-29 17:00:21 +00:00
{
"url" : "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" ,
2024-08-26 18:03:13 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
2023-11-29 17:00:21 +00:00
} ,
2023-09-06 16:00:28 +00:00
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8" ,
2023-09-11 18:00:31 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Issue Tracking" ,
"Mailing List" ,
"Patch" ,
"Vendor Advisory"
]
2023-09-06 16:00:28 +00:00
} ,
{
"url" : "https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8" ,
2023-09-11 18:00:31 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-09-10 14:00:27 +00:00
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5492" ,
2023-09-11 18:00:31 +00:00
"source" : "cve-coordination@google.com" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Mailing List" ,
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5492" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-09-06 16:00:28 +00:00
}
]
}
