First published: Tue Nov 14 2023(Updated: )
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.
Credit: cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/linux-hwe | <6.7~ | 6.7~ |
ubuntu/linux-hwe-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-hwe-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-hwe-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-lts-xenial | <6.7~ | 6.7~ |
ubuntu/linux-kvm | <6.7~ | 6.7~ |
ubuntu/linux-aws-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-aws-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-aws-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-aws-hwe | <6.7~ | 6.7~ |
ubuntu/linux-azure | <6.7~ | 6.7~ |
ubuntu/linux-azure-4.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-azure-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-azure-fde | <6.7~ | 6.7~ |
ubuntu/linux-azure-fde-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-fde-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-bluefield | <6.7~ | 6.7~ |
ubuntu/linux-fips | <6.7~ | 6.7~ |
ubuntu/linux-gcp | <6.7~ | 6.7~ |
ubuntu/linux-gcp-4.15 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-5.19 | <6.7~ | 6.7~ |
ubuntu/linux-gke | <6.7~ | 6.7~ |
ubuntu/linux-gkeop | <6.7~ | 6.7~ |
ubuntu/linux-gkeop-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-ibm | <6.7~ | 6.7~ |
ubuntu/linux-ibm-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-ibm-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-intel-iotg | <6.7~ | 6.7~ |
ubuntu/linux-intel-iotg-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-iot | <6.7~ | 6.7~ |
ubuntu/linux-laptop | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency-hwe-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency-hwe-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-nvidia | <6.7~ | 6.7~ |
ubuntu/linux-nvidia-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-oracle | <6.7~ | 6.7~ |
ubuntu/linux-oracle-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-oracle-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-oem-6.1 | <6.7~ | 6.7~ |
ubuntu/linux-oem-6.1 | <6.1.0-1028.28 | 6.1.0-1028.28 |
ubuntu/linux-oem-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-raspi | <6.7~ | 6.7~ |
ubuntu/linux-raspi-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-riscv | <6.7~ | 6.7~ |
ubuntu/linux-riscv-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-starfive | <6.7~ | 6.7~ |
ubuntu/linux-starfive-6.2 | <6.7~ | 6.7~ |
ubuntu/linux-xilinx-zynqmp | <6.7~ | 6.7~ |
ubuntu/linux | <6.7~ | 6.7~ |
ubuntu/linux-aws | <6.7~ | 6.7~ |
debian/linux | 4.19.249-2 4.19.304-1 5.10.197-1 5.10.205-2 6.1.66-1 6.1.69-1 6.5.13-1 6.6.9-1 | |
Linux Linux kernel | >=6.6<6.7 | |
Linux Linux kernel | >=5.15.134<5.15.140 | |
Linux Linux kernel | >=6.1.56<6.1.64 | |
Linux Linux kernel | >=6.5.6<6.5.13 | |
Linux Linux kernel | >=6.6<6.6.3 |
If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2023-6111.
The title of this vulnerability is 'Use-after-free in Linux kernel's netfilter: nf_tables component'.
The severity level of this vulnerability is high (7.8).
This vulnerability can be exploited to achieve local privilege escalation.
Yes, a fix for this vulnerability is available. Please refer to the provided references for more information.