Bug 2237752 (CVE-2023-4015) - CVE-2023-4015 kenrnel: use after free in nft_immediate_deactivate
Summary: CVE-2023-4015 kenrnel: use after free in nft_immediate_deactivate
Keywords:
Status: NEW
Alias: CVE-2023-4015
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2237754
TreeView+ depends on / blocked
 
Reported: 2023-09-06 17:37 UTC by juneau
Modified: 2023-10-10 10:28 UTC (History)
41 users (show)

Fixed In Version: Kernel 6.5-rc4
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can unbind the chain and objects can be deactivated but used later.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description juneau 2023-09-06 17:37:08 UTC 
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used.

We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a771f7b266b02d262900c75f1e175c7fe76fec2
https://kernel.dance/0a771f7b266b02d262900c75f1e175c7fe76fec2
Note You need to log in before you can comment on or make changes to this bug.