PT-2023-5190 · Linux+9 · Linux Kernel+9

Valis

·

Published

2023-09-05

·

Updated

2025-02-13

·

CVE-2023-4921

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free vulnerability in the Linux kernel's net/sched: sch qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq dequeue() due to the incorrect .peek handler of sch plug and lack of error checking in agg dequeue().
Recommendations Upgrade past commit 8fc134fee27f2263988ae38920bc03da416b03d8 to resolve the issue. As a temporary workaround, consider disabling the qfq dequeue() function until a patch is available. Restrict access to the vulnerable sch qfq component to minimize the risk of exploitation. Avoid using the sch plug qdisc as a class of the qfq qdisc until the issue is resolved.

Exploit

Fix

LPE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:0897
ALT-PU-2023-7004
ALT-PU-2023-7787
ALT-PU-2023-7838
ALT-PU-2023-8485
ALT-PU-2024-6818
AZL-28779
BDU:2023-05783
CESA-2024_0876
CESA-2024_0881
CESA-2024_0897
CESA-2024_1249
CVE-2023-4921
DLA-3623-1
DLA-3710-1
MGASA-2023-0295
MGASA-2023-0296
OESA-2023-1666
OESA-2023-1667
OESA-2023-1668
OESA-2023-1669
OESA-2023-1670
OPENSUSE-SU-2023_4035-1
OPENSUSE-SU-2023_4057-1
OPENSUSE-SU-2023_4058-1
OPENSUSE-SU-2023_4071-1
OPENSUSE-SU-2023_4072-1
OPENSUSE-SU-2023_4072-2
OPENSUSE-SU-2023_4347-1
OPENSUSE-SU-2024_0469-1
OPENSUSE-SU-2024_0515-1
RHSA-2024:0562
RHSA-2024:0563
RHSA-2024:0593
RHSA-2024:0724
RHSA-2024:0851
RHSA-2024:0876
RHSA-2024:0881
RHSA-2024:0897
RHSA-2024:0980
RHSA-2024:0999
RHSA-2024:1249
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1278
RHSA-2024:1323
RHSA-2024:1332
RHSA-2024:1368
RHSA-2024:1404
RHSA-2024:1831
RHSA-2024_0881
RHSA-2024_0897
RHSA-2024_1249
RHSA-2024_1332
SUSE-SU-2023:4030-1
SUSE-SU-2023:4031-1
SUSE-SU-2023:4032-1
SUSE-SU-2023:4033-1
SUSE-SU-2023:4035-1
SUSE-SU-2023:4057-1
SUSE-SU-2023:4058-1
SUSE-SU-2023:4071-1
SUSE-SU-2023:4072-1
SUSE-SU-2023:4072-2
SUSE-SU-2023:4093-1
SUSE-SU-2023:4095-1
SUSE-SU-2023:4142-1
SUSE-SU-2023:4347-1
SUSE-SU-2024:0469-1
SUSE-SU-2024:0474-1
SUSE-SU-2024:0478-1
SUSE-SU-2024:0514-1
SUSE-SU-2024:0515-1
SUSE-SU-2024:0516-1
SUSE-SU-2024:0622-1
SUSE-SU-2024:0624-1
SUSE-SU-2024:0655-1
SUSE-SU-2024:0666-1
SUSE-SU-2024:0685-1
SUSE-SU-2024:0698-1
SUSE-SU-2024:0727-1
USN-6439-1
USN-6439-2
USN-6440-1
USN-6440-2
USN-6440-3
USN-6441-1
USN-6441-2
USN-6441-3
USN-6442-1
USN-6444-1
USN-6444-2
USN-6445-1
USN-6445-2
USN-6446-1
USN-6446-2
USN-6446-3
USN-6454-1
USN-6454-2
USN-6454-3
USN-6454-4
USN-6461-1
USN-6466-1
USN-6479-1
USN-6699-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu