CVE-2023-6817

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.7-rc5 Linux kernel versions 5.6 through 5.10.203 Linux kernel versions 5.6 through 5.15.142 Linux kernel versions 5.6 through 6.1.67 Linux kernel versions 5.6 through 6.6.6

Description A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. The function nft pipapo walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information and elevate their privileges in the system.

Recommendations Upgrade past commit 317eb9685095678f2c9f5a8189de698c5354316a. For Linux kernel versions 5.10, upgrade to version 5.10.204 or later. For Linux kernel versions 5.15, upgrade to version 5.15.143 or later. For Linux kernel versions 6.1, upgrade to version 6.1.68 or later. For Linux kernel versions 6.6, upgrade to version 6.6.7 or later. As a temporary workaround, consider disabling the nft pipapo walk function until a patch is available.