First published: Mon Aug 28 2023(Updated: )
A use-after-free flaw was found in nftables sub-component due to a race problem between set GC and transaction in the Linux Kernel. This flaw could allow a local attacker to crash the system, due to missing call to to `nft_set_elem_mark_busy` causing double deactivation of the element. This vulnerability could even lead to a kernel information leak problem. Refer: <a href="https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/">https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/</a> <a href="https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/">https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/</a>
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <6.5 | |
redhat/Kernel | <6.5 | 6.5 |
Debian Debian Linux | =10.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 |
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4244 is a use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component.
CVE-2023-4244 can be exploited to achieve local privilege escalation.
CVE-2023-4244 has a severity rating of 7.8 (high).
CVE-2023-4244 affects the Linux kernel version 6.5 and below.
Yes, a fix for CVE-2023-4244 is available. Please refer to the provided references for more information on the fix.