Slipper

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, kernel configuration flag CONFIG TLS or CONFIG XFRM ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of `icsk ulp data` of a struct `inet connection sock`. When CONFIG TLS is enabled, a user can install a `tls context` on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The `setsockopt` `TCP ULP` operation does not require any privilege. **Recommendations** We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c. As a temporary workaround, consider disabling the `CONFIG TLS` or `CONFIG XFRM ESPINTCP` kernel configuration flags until a patch is available. Restrict access to the `setsockopt` `TCP ULP` operation to minimize the risk of exploitation. Avoid using the `tls context` on a connected tcp socket until the issue is resolved.