Bug 2188470 (CVE-2023-1829) - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
Summary: CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffi...
Keywords:
Status: NEW
Alias: CVE-2023-1829
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2192294 2192295 2192296 2192300 2192302 2192303 2192304 2192305 2192308 2192499 2192500 2192501 2192502 2192293 2192297 2192298 2192299 2192301 2192306 2192307 2192309 2192310 2192311 2192312 2192496 2192497 2192498 2192503 2192504 2192505
Blocks: 2188471
TreeView+ depends on / blocked
 
Reported: 2023-04-20 20:55 UTC by Pedro Sampaio
Modified: 2023-08-08 08:20 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege escalation.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4515 0 None None None 2023-08-08 07:22:30 UTC
Red Hat Product Errata RHSA-2023:4516 0 None None None 2023-08-08 07:22:22 UTC
Red Hat Product Errata RHSA-2023:4517 0 None None None 2023-08-08 08:19:51 UTC
Red Hat Product Errata RHSA-2023:4531 0 None None None 2023-08-08 08:20:02 UTC
Red Hat Product Errata RHSA-2023:4541 0 None None None 2023-08-08 07:54:25 UTC

Description Pedro Sampaio 2023-04-20 20:55:38 UTC 
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28
https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28
Comment 29 errata-xmlrpc 2023-08-08 07:22:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4516 https://access.redhat.com/errata/RHSA-2023:4516
Comment 30 errata-xmlrpc 2023-08-08 07:22:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4515 https://access.redhat.com/errata/RHSA-2023:4515
Comment 31 errata-xmlrpc 2023-08-08 07:54:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4541 https://access.redhat.com/errata/RHSA-2023:4541
Comment 32 errata-xmlrpc 2023-08-08 08:19:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4517 https://access.redhat.com/errata/RHSA-2023:4517
Comment 33 errata-xmlrpc 2023-08-08 08:19:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4531 https://access.redhat.com/errata/RHSA-2023:4531
Note You need to log in before you can comment on or make changes to this bug.