PT-2023-4896 · Linux+9 · Linux Kernel+9

Budimir Markovic · Published 2023-08-25 · Updated 2025-03-20 · CVE-2023-4623

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.

Recommendations

Upgrade past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable sch_hfsc component until a patch is available.
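
The workaround does not say how to verify that sch_hfsc is actually restricted. The following audit is an added example, not part of the original advisory; it assumes the restriction is done with a modprobe `install` rule in `/etc/modprobe.d` and that the kernel config is at `/boot/config-$(uname -r)`. The function name `hfsc_exposure` is hypothetical.

```shell
#!/bin/sh
# Added example: report how exposed this host is to sch_hfsc being used.
# Arguments (all optional; defaults are the usual Linux locations and are
# assumptions about the host): $1 loaded-module list, $2 modprobe.d
# directory, $3 kernel config file.
# Prints one of: builtin, loaded, blocked, loadable.
hfsc_exposure() {
    modules=${1:-/proc/modules}
    confdir=${2:-/etc/modprobe.d}
    kconfig=${3:-/boot/config-$(uname -r)}

    # Built into the kernel image: modprobe rules cannot disable it,
    # so only a patched kernel helps.
    if [ -r "$kconfig" ] && grep -q '^CONFIG_NET_SCH_HFSC=y' "$kconfig"; then
        echo builtin; return 0
    fi
    # Already loaded: a block rule only takes effect after unload or reboot.
    if [ -r "$modules" ] && grep -q '^sch_hfsc ' "$modules"; then
        echo loaded; return 0
    fi
    # An "install sch_hfsc /bin/true" (or /bin/false) rule stops on-demand
    # loading. A plain "blacklist" line only ignores module aliases, so it
    # is deliberately not counted as a block here.
    if [ -d "$confdir" ] && cat "$confdir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+sch_hfsc[[:space:]]+(/usr)?/bin/(true|false)'; then
        echo blocked; return 0
    fi
    echo loadable
}

# Audit the current host with the default paths.
hfsc_exposure
```

A result of `builtin`, `loaded` or `loadable` means the workaround is not in effect on that host. Other modprobe configuration directories are not scanned.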

Exploit

Fix

DoS

LPE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:0897
ALT-PU-2023-7004
ALT-PU-2023-7787
ALT-PU-2023-7838
ALT-PU-2023-8485
ALT-PU-2024-6818
AZL-31697
BDU:2023-05388
CESA-2024_0876
CESA-2024_0881
CESA-2024_0897
CVE-2023-4623
DLA-3623-1
DLA-3710-1
LSN-0099-1
OESA-2023-1841
OESA-2023-1842
OESA-2023-1843
OESA-2023-1844
OESA-2023-1845
OPENSUSE-SU-2023_4035-1
OPENSUSE-SU-2023_4057-1
OPENSUSE-SU-2023_4058-1
OPENSUSE-SU-2023_4071-1
OPENSUSE-SU-2023_4072-1
OPENSUSE-SU-2023_4072-2
OPENSUSE-SU-2023_4164-1
OPENSUSE-SU-2023_4165-1
OPENSUSE-SU-2023_4166-1
OPENSUSE-SU-2023_4347-1
OPENSUSE-SU-2024:13305-1
OPENSUSE-SU-2024:13704-1
RHSA-2024:0340
RHSA-2024:0378
RHSA-2024:0381
RHSA-2024:0386
RHSA-2024:0412
RHSA-2024:0431
RHSA-2024:0432
RHSA-2024:0439
RHSA-2024:0448
RHSA-2024:0461
RHSA-2024:0554
RHSA-2024:0562
RHSA-2024:0563
RHSA-2024:0575
RHSA-2024:0593
RHSA-2024:0876
RHSA-2024:0881
RHSA-2024:0897
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1278
RHSA-2024:1746
RHSA-2024:1747
RHSA-2024:1960
RHSA-2024:2003
RHSA-2024:2004
RHSA-2024_0461
RHSA-2024_0881
RHSA-2024_0897
RHSA-2024_2003
RHSA-2024_2004
SUSE-SU-2023:4028-1
SUSE-SU-2023:4030-1
SUSE-SU-2023:4031-1
SUSE-SU-2023:4032-1
SUSE-SU-2023:4033-1
SUSE-SU-2023:4035-1
SUSE-SU-2023:4057-1
SUSE-SU-2023:4058-1
SUSE-SU-2023:4071-1
SUSE-SU-2023:4072-1
SUSE-SU-2023:4072-2
SUSE-SU-2023:4093-1
SUSE-SU-2023:4095-1
SUSE-SU-2023:4142-1
SUSE-SU-2023:4164-1
SUSE-SU-2023:4165-1
SUSE-SU-2023:4166-1
SUSE-SU-2023:4175-1
SUSE-SU-2023:4201-1
SUSE-SU-2023:4204-1
SUSE-SU-2023:4208-1
SUSE-SU-2023:4219-1
SUSE-SU-2023:4239-1
SUSE-SU-2023:4243-1
SUSE-SU-2023:4244-1
SUSE-SU-2023:4245-1
SUSE-SU-2023:4260-1
SUSE-SU-2023:4261-1
SUSE-SU-2023:4267-1
SUSE-SU-2023:4273-1
SUSE-SU-2023:4278-1
SUSE-SU-2023:4279-1
SUSE-SU-2023:4280-1
SUSE-SU-2023:4285-1
SUSE-SU-2023:4300-1
SUSE-SU-2023:4301-1
SUSE-SU-2023:4308-1
SUSE-SU-2023:4313-1
SUSE-SU-2023:4321-1
SUSE-SU-2023:4322-1
SUSE-SU-2023:4325-1
SUSE-SU-2023:4326-1
SUSE-SU-2023:4328-1
SUSE-SU-2023:4347-1
USN-6415-1
USN-6439-1
USN-6439-2
USN-6440-1
USN-6440-2
USN-6440-3
USN-6441-1
USN-6441-2
USN-6441-3
USN-6442-1
USN-6444-1
USN-6444-2
USN-6445-1
USN-6445-2
USN-6446-1
USN-6446-2
USN-6446-3
USN-6460-1
USN-6466-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu