First published: Wed Sep 06 2023(Updated: )
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.
Credit: cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <6.5 | |
Debian Debian Linux | =12.0 | |
debian/linux | <=4.19.249-2<=4.19.289-2 | 5.10.197-1 5.10.191-1 6.1.66-1 6.1.69-1 6.5.13-1 6.6.9-1 |
F5 Traffix SDC | >=1<=5=5.2.0 | 5.2.0 |
IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 | |
>=3.18<4.14.326 | ||
>=4.15<4.19.295 | ||
>=4.20<5.4.253 | ||
>=5.5<5.10.190 | ||
>=5.11<5.15.126 | ||
>=5.16<6.1.45 | ||
>=6.2<6.4.10 | ||
=12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4207 is a use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component that can be exploited to achieve local privilege escalation.
CVE-2023-4207 has a severity rating of 7.8 (High).
CVE-2023-4207 affects the Linux Kernel versions up to 6.5, Debian Linux 12.0, and certain versions of the 'linux' package from the Debian repository.
To fix CVE-2023-4207 on Linux, it is recommended to update to version 5.10.191-1, 6.1.52-1, or 6.5.3-1 of the 'linux' package provided by the Debian repository, or update to a patched version of the Linux Kernel.
Yes, you can find references for CVE-2023-4207 at the following URLs: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec [2] https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec [3] https://www.debian.org/security/2023/dsa-5492