CVE-2023-0461

Updated: 2023-11-04 20:54:23.371936

Description:

There is a use-after-free vulnerability in the Linux kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, the kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. The bug is a use-after-free of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, a user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c.
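A triage check for the precondition described above, added here as an example (it is not part of the advisory or of any vendor tooling): it reads a kernel build config and reports whether CONFIG_TLS or CONFIG_XFRM_ESPINTCP is enabled. The function name ulp_exposure and the sample config are assumptions made for illustration; on a real host the config is typically found at /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example: report whether a kernel build config enables either option
# named in the CVE-2023-0461 description. The function name is hypothetical.

# ulp_exposure CONFIG_FILE
# Prints one "OPTION=value" line per enabled option.
# Returns 0 if at least one option is enabled (=y or =m),
#         1 if neither is enabled, 2 if the file cannot be read.
ulp_exposure() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    found=1
    for opt in CONFIG_TLS CONFIG_XFRM_ESPINTCP; do
        # Anchor on "OPT=" so that "# OPT is not set" and longer names
        # such as CONFIG_TLS_DEVICE are not counted.
        val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
        if [ -n "$val" ]; then
            echo "$opt=$val"
            found=0
        fi
    done
    return $found
}

# Constructed sample config (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_TLS=m
CONFIG_TLS_DEVICE=y
# CONFIG_XFRM_ESPINTCP is not set
EOF

if ulp_exposure "$sample"; then
    echo "precondition met: compare the running kernel against the fix commit"
else
    echo "neither option is enabled in this config"
fi
rm -f "$sample"
```

An enabled option only means the vulnerable code path is reachable in that build; whether the kernel is fixed depends on the vendor status listed below.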


Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Already Fixed | | 2024-10-09 03:41:05 |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Already Fixed | | 2024-10-09 03:41:05 |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:48:02 |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2024-10-08 14:25:07 |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2023:1683229770 | 2023-05-04 17:05:59 |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2023:1683146027 | 2023-05-04 17:06:00 |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1729874131 | 2024-10-25 14:29:26 |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:48:02 |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2024-10-08 14:25:07 |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2023-04-12 08:48:02 |
Total: 13