PT-2023-4957 · Linux+10 · Linux Kernel+10

Bien Pham

·

Published

2023-08-10

·

Updated

2025-10-31

·

CVE-2023-4244

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the commit 3e91b0ebd994635df2346353322ac51ce84ce6d8
Description A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf tables netlink control plane transaction and nft set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.
Recommendations Upgrade past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8 to resolve the issue. As a temporary workaround, consider restricting access to the nf tables component to minimize the risk of exploitation.

Exploit

Fix

LPE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2023-5748
ALT-PU-2023-5787
ALT-PU-2023-7004
ALT-PU-2023-8395
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-28676
BDU:2023-05481
CESA-2024_2950
CESA-2024_3138
CVE-2023-4244
DLA-3623-1
DLA-3710-1
INFSA-2024_2950
INFSA-2024_3138
OESA-2025-2554
OPENSUSE-SU-2023_4730-1
OPENSUSE-SU-2023_4731-1
OPENSUSE-SU-2023_4732-1
OPENSUSE-SU-2023_4734-1
OPENSUSE-SU-2023_4782-1
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2025_0517-1
OPENSUSE-SU-2025_0517-2
OPENSUSE-SU-2025_0771-1
OPENSUSE-SU-2025_0855-1
RHSA-2024:1018
RHSA-2024:1019
RHSA-2024:1248
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024:3414
RHSA-2024:3421
RHSA-2024_1248
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
RXSA-2024:1248
SUSE-SU-2023:4730-1
SUSE-SU-2023:4731-1
SUSE-SU-2023:4732-1
SUSE-SU-2023:4734-1
SUSE-SU-2023:4782-1
SUSE-SU-2023:4810-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2493-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2901-1
SUSE-SU-2025:0771-1
SUSE-SU-2025:0855-1
SUSE-SU-2025:0867-1
SUSE-SU-2025_0517-1
SUSE-SU-2025_0517-2
SUSE-SU-2025_0771-1
SUSE-SU-2025_0855-1
USN-6443-1
USN-6444-1
USN-6444-2
USN-6445-1
USN-6445-2
USN-6446-1
USN-6446-2
USN-6446-3
USN-6461-1
USN-6466-1
USN-6503-1
USN-6537-1
USN-6572-1
USN-6681-1
USN-6681-2
USN-6681-3
USN-6681-4
USN-6716-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu