First published: Wed Apr 12 2023(Updated: )
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <4.14.308 | |
Linux Linux kernel | >=4.15<4.19.276 | |
Linux Linux kernel | >=4.20<5.4.235 | |
Linux Linux kernel | >=5.5<5.10.173 | |
Linux Linux kernel | >=5.11<5.15.100 | |
Linux Linux kernel | >=5.16<6.1.18 | |
Linux Linux kernel | >=6.2<6.2.5 | |
Canonical Ubuntu | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 |
Block autoloading the cls_tcindex module by adding the following lines to /etc/modprobe.d/blacklist-tcindex.conf: blacklist cls_tcindex
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.