PT-2023-3974 · Linux+10 · Linux Kernel+10

M A Ramdhan · Published 2023-07-06 · Updated 2024-08-22 · CVE-2023-3776

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
Recommendations: Upgrade past commit 0323bce598eea038714f941ce2b22541c46d488f.

Exploit

Fix

LPE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2023:5069
ALSA-2023:5091
ALSA-2023:5244
ALT-PU-2023-5540
ALT-PU-2023-5748
ALT-PU-2023-5787
ALT-PU-2023-7004
ALT-PU-2023-8472
ALT-PU-2024-6818
AZL-27677
BDU:2023-04270
CESA-2023_5221
CESA-2023_5244
CESA-2023_5255
CESA-2023_7423
CVE-2023-3776
DLA-3623-1
DLA-3710-1
DSA-5480-1
DSA-5492-1
LSN-0098-1
LSN-0099-1
OESA-2023-1467
OESA-2023-1468
OESA-2023-1469
OESA-2023-1470
OESA-2023-1471
OPENSUSE-SU-2023_3302-1
OPENSUSE-SU-2023_3311-1
OPENSUSE-SU-2023_3313-1
OPENSUSE-SU-2023_3318-1
OPENSUSE-SU-2023_3376-1
OPENSUSE-SU-2023_3377-1
OPENSUSE-SU-2023_3391-1
OPENSUSE-SU-2023_3392-1
RHSA-2023:5069
RHSA-2023:5091
RHSA-2023:5093
RHSA-2023:5221
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023:5628
RHSA-2023:5775
RHSA-2023:5794
RHSA-2023:6799
RHSA-2023:6813
RHSA-2023:7294
RHSA-2023:7382
RHSA-2023:7389
RHSA-2023:7398
RHSA-2023:7410
RHSA-2023:7411
RHSA-2023:7417
RHSA-2023:7419
RHSA-2023:7423
RHSA-2023:7424
RHSA-2023:7431
RHSA-2023:7434
RHSA-2023_5069
RHSA-2023_5091
RHSA-2023_5244
RHSA-2023_5255
RHSA-2023_7423
RHSA-2023_7424
RHSA-2024:0262
RHSA-2024:1831
RLSA-2023:5091
RLSA-2023:5244
RXSA-2023:5244
SUSE-SU-2023:3302-1
SUSE-SU-2023:3309-1
SUSE-SU-2023:3311-1
SUSE-SU-2023:3313-1
SUSE-SU-2023:3318-1
SUSE-SU-2023:3324-1
SUSE-SU-2023:3329-1
SUSE-SU-2023:3333-1
SUSE-SU-2023:3349-1
SUSE-SU-2023:3376-1
SUSE-SU-2023:3377-1
SUSE-SU-2023:3390-1
SUSE-SU-2023:3391-1
SUSE-SU-2023:3392-1
SUSE-SU-2023:3421-1
SUSE-SU-2023:3749-1
SUSE-SU-2023:3768-1
SUSE-SU-2023:3772-1
SUSE-SU-2023:3773-1
SUSE-SU-2023:3783-1
SUSE-SU-2023:3784-1
SUSE-SU-2023:3786-1
SUSE-SU-2023:3788-1
SUSE-SU-2023:3809-1
SUSE-SU-2023:3812-1
SUSE-SU-2023:3838-1
SUSE-SU-2023:3844-1
SUSE-SU-2023:3846-1
SUSE-SU-2023:3889-1
SUSE-SU-2023:3892-1
SUSE-SU-2023:3893-1
SUSE-SU-2023:3922-1
SUSE-SU-2023:3923-1
SUSE-SU-2023:3924-1
SUSE-SU-2023:3928-1
USN-6285-1
USN-6309-1
USN-6315-1
USN-6317-1
USN-6318-1
USN-6321-1
USN-6324-1
USN-6325-1
USN-6327-1
USN-6328-1
USN-6329-1
USN-6330-1
USN-6331-1
USN-6332-1
USN-6341-1
USN-6342-1
USN-6342-2
USN-6346-1
USN-6348-1
USN-6357-1
USN-6385-1
USN-6397-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu