CVE-2023-3609

Public on 2023-07-21
Modified on 2024-01-11
Description

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
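
The error-path pattern described above, as an added example that is not kernel code and not part of this advisory: a simplified user-space C model in which every struct and function name is hypothetical. It contrasts changing the counter before a fallible check with validating first, and measures how far the counter drifts after repeated failed calls.

```c
/* Simplified user-space model; every name here is hypothetical, not kernel code. */
#include <stdio.h>

struct cls { int refcnt; };            /* object whose lifetime the counter guards */
struct filter { struct cls *bound; };

static void bind_filter(struct filter *f, struct cls *c) { c->refcnt++; f->bound = c; }
static void unbind_filter(struct filter *f) { f->bound->refcnt--; f->bound = NULL; }

/* Stand-in for a validation step that can fail, as tcf_change_indev() can. */
static int check_indev(int ifindex) { return ifindex > 0 ? 0 : -1; }

/* Flawed ordering: the counter changes first and the error return skips the undo. */
int set_parms_flawed(struct filter *f, struct cls *c, int ifindex)
{
    bind_filter(f, c);
    if (check_indev(ifindex) < 0)
        return -1;                     /* caller sees failure, refcnt already moved */
    return 0;
}

/* Hardened ordering: validate first, touch the counter only once nothing can fail. */
int set_parms_hardened(struct filter *f, struct cls *c, int ifindex)
{
    if (check_indev(ifindex) < 0)
        return -1;
    bind_filter(f, c);
    return 0;
}

typedef int (*set_parms_fn)(struct filter *, struct cls *, int);
/* Runs n attempts; only successfully configured filters are unbound. 0 means balanced. */
int refcnt_drift(set_parms_fn set_parms, int ifindex, int n)
{
    struct cls c = { .refcnt = 1 };
    for (int i = 0; i < n; i++) {
        struct filter f = { NULL };
        if (set_parms(&f, &c, ifindex) == 0)
            unbind_filter(&f);
    }
    return c.refcnt - 1;
}

int main(void)
{   /* ifindex -1 is a constructed invalid value that forces the error path */
    printf("flawed:   drift after 5 failures = %d\n", refcnt_drift(set_parms_flawed, -1, 5));
    printf("hardened: drift after 5 failures = %d\n", refcnt_drift(set_parms_hardened, -1, 5));
    return 0;
}
```

A counter that no longer matches the number of live users is what lets an object be freed while it is still referenced, so audits of similar code should check that every early return after a counter change has a matching undo.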

Severity
Important
CVSS v3 Base Score
7.8

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 1 | kernel | 2023-08-03 20:16 | ALAS-2023-1792 |
| Amazon Linux 2 - Core | kernel | 2023-08-03 18:09 | ALAS2-2023-2179 |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-08-03 19:42 | ALAS2KERNEL-5.10-2023-038 |
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-07-14 23:38 | ALAS2KERNEL-5.15-2023-024 |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-07-14 23:38 | ALAS2KERNEL-5.4-2023-049 |
| Amazon Linux 2023 | kernel | 2023-07-17 20:45 | ALAS2023-2023-251 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-240.529 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-148 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-241.531 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-147 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.320-242.534 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-146 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.179-171.711 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-144 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-174.730 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-143 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.731 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-142 |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.749 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-145 |
| Amazon Linux 2023 | kernel-livepatch-6.1.29-50.88 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-015 |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-56.100 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-014 |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-58.102 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-013 |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-59.116 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-012 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |