CVE-2023-1281: UAF in Linux kernel's tcindex (traffic control index filter) implementation

First published: Wed Mar 22 2023(Updated: )

A Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2</a>

Credit: cve-coordination@google.com cve-coordination@google.com

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=4.14<5.10.169
Linux Linux kernel	>=5.11<5.15.95
Linux Linux kernel	>=5.16<6.1.13
Linux Linux kernel	=6.2-rc1
Linux Linux kernel	=6.2-rc2
Linux Linux kernel	=6.2-rc3
Linux Linux kernel	=6.2-rc4
Linux Linux kernel	=6.2-rc5
Linux Linux kernel	=6.2-rc6
Linux Linux kernel	=6.2-rc7
Linux Linux kernel	=6.2-rc8
redhat/Kernel	<6.2	6.2
debian/linux		5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.6-1

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2

Remedy

https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2

CVE-2023-1281: UAF in Linux kernel's tcindex (traffic control index filter) implementation

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact