Bug 2181847 (CVE-2023-1281) - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
Summary: CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic contro...
Keywords:
Status: NEW
Alias: CVE-2023-1281
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact: Li Shuang
URL:
Whiteboard:
Depends On: 2181860 2181861 2181862 2181863 2181864 2181865 2181866 2181867 2181868 2181869 2181870 2181871 2181872 2181874 2181875 2181876 2181877 2181878 2181879 2181880 2181881 2181882 2181883 2181884 2181885 2181886 2181887 2181888 2181889 2182811 2182812 2184035 2184036 2184037 2184038 2184042 2184043 2184044 2184045 2184146 2184148 2184149 2187750 2187751 2187753
Blocks: 2180965
TreeView+ depends on / blocked
 
Reported: 2023-03-26 14:52 UTC by Rohit Keshri
Modified: 2023-10-10 19:32 UTC (History)
51 users (show)

Fixed In Version: Kernel 6.2 RC16
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3852 0 None None None 2023-06-27 14:04:29 UTC
Red Hat Product Errata RHSA-2023:3853 0 None None None 2023-06-27 14:04:23 UTC
Red Hat Product Errata RHSA-2023:4125 0 None None None 2023-07-18 07:44:54 UTC
Red Hat Product Errata RHSA-2023:4126 0 None None None 2023-07-18 07:45:09 UTC
Red Hat Product Errata RHSA-2023:4130 0 None None None 2023-07-18 08:19:41 UTC
Red Hat Product Errata RHSA-2023:4145 0 None None None 2023-07-18 08:18:56 UTC
Red Hat Product Errata RHSA-2023:4146 0 None None None 2023-07-18 08:21:24 UTC
Red Hat Product Errata RHSA-2023:4255 0 None None None 2023-07-25 07:52:53 UTC
Red Hat Product Errata RHSA-2023:4256 0 None None None 2023-07-25 07:53:08 UTC
Red Hat Product Errata RHSA-2023:4262 0 None None None 2023-07-25 07:51:58 UTC
Red Hat Product Errata RHSA-2023:4517 0 None None None 2023-08-08 08:19:51 UTC
Red Hat Product Errata RHSA-2023:4531 0 None None None 2023-08-08 08:20:04 UTC
Red Hat Product Errata RHSA-2023:4541 0 None None None 2023-08-08 07:54:19 UTC

Description Rohit Keshri 2023-03-26 14:52:05 UTC 
A Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. 

A local attacker user can use this vulnerability to elevate its privileges to root. 

This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2
Comment 20 errata-xmlrpc 2023-06-27 14:04:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3853 https://access.redhat.com/errata/RHSA-2023:3853
Comment 21 errata-xmlrpc 2023-06-27 14:04:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3852 https://access.redhat.com/errata/RHSA-2023:3852
Comment 23 errata-xmlrpc 2023-07-18 07:44:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4125 https://access.redhat.com/errata/RHSA-2023:4125
Comment 24 errata-xmlrpc 2023-07-18 07:45:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4126 https://access.redhat.com/errata/RHSA-2023:4126
Comment 25 errata-xmlrpc 2023-07-18 08:18:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4145 https://access.redhat.com/errata/RHSA-2023:4145
Comment 26 errata-xmlrpc 2023-07-18 08:19:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4130 https://access.redhat.com/errata/RHSA-2023:4130
Comment 27 errata-xmlrpc 2023-07-18 08:21:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:4146 https://access.redhat.com/errata/RHSA-2023:4146
Comment 29 errata-xmlrpc 2023-07-25 07:51:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2023:4262 https://access.redhat.com/errata/RHSA-2023:4262
Comment 30 errata-xmlrpc 2023-07-25 07:52:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4255 https://access.redhat.com/errata/RHSA-2023:4255
Comment 31 errata-xmlrpc 2023-07-25 07:53:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4256 https://access.redhat.com/errata/RHSA-2023:4256
Comment 32 errata-xmlrpc 2023-08-08 07:54:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4541 https://access.redhat.com/errata/RHSA-2023:4541
Comment 33 errata-xmlrpc 2023-08-08 08:19:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4517 https://access.redhat.com/errata/RHSA-2023:4517
Comment 34 errata-xmlrpc 2023-08-08 08:19:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4531 https://access.redhat.com/errata/RHSA-2023:4531
Note You need to log in before you can comment on or make changes to this bug.