A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
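
The error-path problem described above can be reproduced in a small userspace model. This is an added example, not kernel code and not the upstream patch: `struct cls`, `struct filter`, `bind_filter`, `change_indev` and both `set_parms_*` functions are hypothetical stand-ins, and the assumption that binding takes a reference on the new class while dropping the old one is part of the model. It shows a counter reaching zero while a live filter still points at the class, and that running the fallible check before the bind keeps the counter balanced.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
struct cls    { int filter_cnt; };   /* traffic class with a bind counter */
struct filter { struct cls *res; };  /* filter holding a reference to a class */

/* Models the bind step: take a reference on the new class, drop the old one. */
static void bind_filter(struct filter *f, struct cls *new_cls)
{
    new_cls->filter_cnt++;
    if (f->res)
        f->res->filter_cnt--;
    f->res = new_cls;
}

/* Stand-in for the device lookup; only "lo" exists in this model. */
static int change_indev(const char *n) { return strcmp(n, "lo") ? -1 : 0; }

/* Flawed ordering: counters are modified before the step that can fail. */
static int set_parms_flawed(struct filter *copy, struct cls *c, const char *dev)
{
    bind_filter(copy, c);
    if (change_indev(dev) < 0)
        return -1;               /* early return leaves the counters changed */
    return 0;
}

/* Balanced ordering: the fallible check runs first, the bind runs last. */
static int set_parms_ordered(struct filter *copy, struct cls *c, const char *dev)
{
    if (change_indev(dev) < 0)
        return -1;
    bind_filter(copy, c);
    return 0;
}

/* Counter of the old class after a rejected update of a live filter. */
static int old_count_after_failed_update(int use_flawed)
{
    struct cls old_cls = {0}, new_cls = {0};
    struct filter live = {0};
    bind_filter(&live, &old_cls);        /* live filter holds old_cls: count 1 */
    struct filter copy = live;           /* the update works on a copy */
    (void)(use_flawed ? set_parms_flawed(&copy, &new_cls, "bogus0")   /* constructed name */
                      : set_parms_ordered(&copy, &new_cls, "bogus0"));
    return old_cls.filter_cnt;           /* live.res still points at old_cls */
}

int main(void)
{
    printf("flawed=%d ordered=%d\n", old_count_after_failed_update(1),
           old_count_after_failed_update(0));
    return 0;
}
```

A counter of zero with the live filter still attached is the state in which the class could be released while still referenced.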
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | kernel | 2023-08-03 20:16 | ALAS-2023-1792 |
Amazon Linux 2 - Core | kernel | 2023-08-03 18:09 | ALAS2-2023-2179 |
Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-08-03 19:42 | ALAS2KERNEL-5.10-2023-038 |
Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-08-03 19:42 | ALAS2KERNEL-5.15-2023-025 |
Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-08-03 19:42 | ALAS2KERNEL-5.4-2023-050 |
Amazon Linux 2023 | kernel | 2023-08-17 11:20 | ALAS2023-2023-299 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-240.529 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-148 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-241.531 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-147 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.320-242.534 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-146 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.179-171.711 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-144 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-174.730 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-143 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.731 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-142 |
Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.749 | 2023-09-14 01:05 | ALAS2LIVEPATCH-2023-145 |
Amazon Linux 2023 | kernel-livepatch-6.1.29-50.88 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-015 |
Amazon Linux 2023 | kernel-livepatch-6.1.34-56.100 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-014 |
Amazon Linux 2023 | kernel-livepatch-6.1.34-58.102 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-013 |
Amazon Linux 2023 | kernel-livepatch-6.1.34-59.116 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-012 |
Amazon Linux 2023 | kernel-livepatch-6.1.38-59.109 | 2023-09-15 20:55 | ALAS2023LIVEPATCH-2023-011 |
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |