← Back

CVE-2023-4147

nvd nist
Published: Aug 7, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Affected (16)

Show all products
Linux: Linux Kernel · Fedoraproject: Fedora · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Real Time, Enterprise Linux For Real Time For Nfv, Enterprise Linux Server Aus · Debian: Debian Linux
Linux
1 product
Linux Kernel
Fedoraproject
1 product
Fedora
Redhat
5 products
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux For Real Time
Enterprise Linux For Real Time For Nfv
Enterprise Linux Server Aus
Debian
1 product
Debian Linux
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 5.11 to 5.15.124
Linux Kernel
From 5.16 to 6.1.43
Linux Kernel
From 5.9 to 5.10.190
Linux Kernel
From 6.2 to 6.4.8
Linux Kernel
Version 6.5 rc1
Linux Kernel
Version 6.5 rc2
Linux Kernel
Version 6.5 rc3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 9.0
Enterprise Linux Eus
Version 9.2
Enterprise Linux For Real Time
Version 9.0
Enterprise Linux For Real Time For Nfv
Version 9.0
Enterprise Linux Server Aus
Version 9.2
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Debian Linux
Version 12.0

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (24)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListPatch
Source: secalert@redhat.com
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch

Timeline

No history available yet.