PT-2023-3675 · Linux+9 · Linux Kernel+9

Published: 2023-06-09 · Updated: 2024-11-21 · CVE-2023-3609

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

Recommendations

Upgrade past commit 04c55383fa5689357bcdd2c8036725a55ed632bc to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable cls_u32 component to minimize the risk of exploitation.
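
A userspace C model of the error path in the description, added here as an illustration; it is not kernel code and not taken from the fix commit. The struct and function names are hypothetical stand-ins, the counter is narrowed to 8 bits so that wrap-around shows after 255 rejected updates, and the hardened ordering is this example's own assumption about how to avoid the leak.

```c
#include <stdio.h>

/* Userspace model; every name here is a hypothetical stand-in, not kernel code. */
struct cls { unsigned char refcnt; };   /* deliberately 8-bit so wrap-around is visible */
struct filter { struct cls *bound; };
typedef int (*set_parms_fn)(struct filter *, struct cls *, int);

/* Stand-in for the step that can fail (tcf_change_indev() in the advisory). */
static int change_indev(int ifindex) { return ifindex > 0 ? 0 : -1; }

/* Stand-in for tcf_bind_filter(): take a reference on the class. */
static void bind_filter(struct filter *f, struct cls *c) { c->refcnt++; f->bound = c; }

/* Order described in the advisory: counter changes, then the failure returns early. */
static int set_parms_vulnerable(struct filter *f, struct cls *c, int ifindex) {
    bind_filter(f, c);
    if (change_indev(ifindex) < 0)
        return -1;                      /* reference taken above is never dropped */
    return 0;
}

/* Hardened order: run the fallible step before touching the counter. */
static int set_parms_hardened(struct filter *f, struct cls *c, int ifindex) {
    if (change_indev(ifindex) < 0)
        return -1;                      /* nothing to undo */
    bind_filter(f, c);
    return 0;
}

/* Apply `failures` rejected updates to a class with one legitimate holder and
 * return the counter afterwards. The caller discards the temporary filter on
 * error, trusting set_parms to have left no side effects. */
static unsigned refcnt_after_failures(set_parms_fn set_parms, int failures) {
    struct cls c = { .refcnt = 1 };
    for (int i = 0; i < failures; i++) {
        struct filter tmp = { 0 };
        if (set_parms(&tmp, &c, -1) == 0)   /* -1: constructed invalid ifindex */
            return 0xFFFF;                   /* unreachable with invalid input */
    }
    return c.refcnt;
}

int main(void) {
    printf("vulnerable, 3 failures:   %u\n", refcnt_after_failures(set_parms_vulnerable, 3));
    printf("vulnerable, 255 failures: %u\n", refcnt_after_failures(set_parms_vulnerable, 255));
    printf("hardened,   255 failures: %u\n", refcnt_after_failures(set_parms_hardened, 255));
    return 0;
}
```

In the vulnerable ordering the counter drifts away from the number of live holders on every rejected update; once it reads zero while a holder still exists, the object can be freed while still referenced.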

Fix

DoS

LPE

Double Free

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27676
BDU:2023-03960
CESA-2023_6901
CESA-2023_7077
CVE-2023-3609
DLA-3623-1
DLA-3710-1
DSA-5480-1
LSN-0098-1
LSN-0099-1
OESA-2023-1467
OESA-2023-1468
OESA-2023-1469
OESA-2023-1470
OESA-2023-1471
OPENSUSE-SU-2023_3182-1
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3311-1
OPENSUSE-SU-2023_3313-1
OPENSUSE-SU-2023_3318-1
OPENSUSE-SU-2023_3376-1
OPENSUSE-SU-2023_3391-1
OPENSUSE-SU-2023_3392-1
RHSA-2023:5574
RHSA-2023:5621
RHSA-2023:5622
RHSA-2023:5628
RHSA-2023:5775
RHSA-2023:5794
RHSA-2023:6583
RHSA-2023:6799
RHSA-2023:6813
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023:7294
RHSA-2023:7370
RHSA-2023:7379
RHSA-2023:7398
RHSA-2023:7410
RHSA-2023:7417
RHSA-2023:7418
RHSA-2023:7431
RHSA-2023:7434
RHSA-2023:7539
RHSA-2023:7558
RHSA-2023_5621
RHSA-2023_5622
RHSA-2023_6583
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0999
RHSA-2024:1250
RHSA-2024:1253
RHSA-2024:1306
SUSE-SU-2023:3182-1
SUSE-SU-2023:3302-1
SUSE-SU-2023:3309-1
SUSE-SU-2023:3311-1
SUSE-SU-2023:3313-1
SUSE-SU-2023:3318-1
SUSE-SU-2023:3329-1
SUSE-SU-2023:3349-1
SUSE-SU-2023:3376-1
SUSE-SU-2023:3390-1
SUSE-SU-2023:3391-1
SUSE-SU-2023:3392-1
SUSE-SU-2023:3421-1
SUSE-SU-2023:3749-1
SUSE-SU-2023:3768-1
SUSE-SU-2023:3772-1
SUSE-SU-2023:3773-1
SUSE-SU-2023:3783-1
SUSE-SU-2023:3784-1
SUSE-SU-2023:3786-1
SUSE-SU-2023:3788-1
SUSE-SU-2023:3809-1
SUSE-SU-2023:3812-1
SUSE-SU-2023:3838-1
SUSE-SU-2023:3844-1
SUSE-SU-2023:3846-1
SUSE-SU-2023:3889-1
SUSE-SU-2023:3892-1
SUSE-SU-2023:3893-1
SUSE-SU-2023:3922-1
SUSE-SU-2023:3923-1
SUSE-SU-2023:3924-1
SUSE-SU-2023:3928-1
SUSE-SU-2023_3182-1
USN-6285-1
USN-6315-1
USN-6317-1
USN-6318-1
USN-6321-1
USN-6324-1
USN-6325-1
USN-6328-1
USN-6329-1
USN-6330-1
USN-6331-1
USN-6332-1
USN-6346-1
USN-6348-1
USN-6357-1
USN-6385-1
USN-6397-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu