CVE-2023-4207

Updated: 2023-09-06

CWE: CWE-416 Use After Free

Description:

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.

CVSS3: 7.8


Vendor State

OS | Vendor version | Errata
Ubuntu 16.04 AWS ESM | 4.4.0-1161.176 | USN-6388-1
Debian 12 | 6.1.52-1 | DSA-5492-1
Oracle Linux 7 | 3.10.0-1160.105.1.0.1.el7 | ELSA-2023-7423
RHEL 7 | 3.10.0-1160.105.1.el7 | RHSA-2023:7423
Oracle Linux 8 | 4.18.0-513.5.1.el8_9 | ELSA-2023-7077
RHEL 9 | 5.14.0-362.8.1.el9_3 | RHSA-2023:6583
Ubuntu 16.04 HWE ESM | 4.15.0-218.229~16.04.1 | USN-6396-1
Amazon Linux 1 | 4.14.326-171.539.amzn1 | ALAS-2023-1838
Debian 11 | 5.10.191-1 | DSA-5480-1
Amazon Linux 2 | 4.14.326-245.539.amzn2 | ALAS-2023-2264
Rocky Linux 9 | 5.14.0-362.8.1.el9_3 | RLSA-2023:6583
Oracle Linux 9 | 5.14.0-362.8.1.el9_3 | ELSA-2023-6583
RHEL 8 | 4.18.0-513.5.1.el8_9 | RHSA-2023:7077
AlmaLinux 9 | 5.14.0-362.8.1.el9_3 | ALSA-2023:6583
AlmaLinux 8 | 4.18.0-513.5.1.el8_9 | ALSA-2023:7077
Rocky Linux 8 | 4.18.0-513.5.1.el8_9 | RLSA-2023:7077
Amazon Linux 2 5.4 | 5.4.253-167.359.amzn2 | ALASKERNEL-5.4-2023-054
Amazon Linux 2 5.10 | 5.10.192-182.736.amzn2 | ALASKERNEL-5.10-2023-039
Ubuntu 20.04 AWS | 5.4.0-1110.119 | USN-6387-1
Ubuntu 16.04 AWS HWE ESM | 4.15.0-1161.174~16.04.1 | USN-6396-1
Ubuntu 16.04 Azure ESM | 4.15.0-1170.185~16.04.1 | USN-6396-1
Ubuntu 20.04 | 5.4.0-163.180 | USN-6387-1
Ubuntu 22.04 | 5.15.0-84.93 | USN-6386-1
Ubuntu 22.04 AWS | 5.15.0-1045.50 | USN-6386-1
Ubuntu 22.04 Azure | 5.15.0-1047.54 | USN-6386-1

KernelCare State

OS | Original kernel version | State
Ubuntu 16.04 AWS ESM | - | Will Not Fix
Debian 12 | - | Planned
Oracle Linux 7 | - | Planned
RHEL 7 | - | In Progress
Oracle Linux 8 | - | Planned
RHEL 9 | 5.14.0-70.30.1.el9_0, 5.14.0-70.5.1.el9_0, 5.14.0-162.12.1.el9_1, 5.14.0-162.18.1.el9_1, 5.14.0-162.22.2.el9_1, 5.14.0-162.23.1.el9_1, 5.14.0-162.6.1.el9_1, 5.14.0-284.11.1.el9_2, 5.14.0-284.18.1.el9_2, 5.14.0-284.25.1.el9_2, 5.14.0-284.30.1.el9_2, 5.14.0-70.13.1.el9_0, 5.14.0-70.17.1.el9_0, 5.14.0-70.22.1.el9_0, 5.14.0-70.26.1.el9_0 | Released
Ubuntu 16.04 HWE ESM | - | Will Not Fix
Amazon Linux 1 | - | Planned
Debian 11 | - | Will Not Fix
Amazon Linux 2 | - | Ready For Release
Rocky Linux 9 | 5.14.0-162.12.1.el9_1.0.1, 5.14.0-162.12.1.el9_1.0.2, 5.14.0-162.18.1.el9_1, 5.14.0-162.22.2.el9_1, 5.14.0-162.23.1.el9_1, 5.14.0-162.6.1.el9_1.0.1, 5.14.0-162.6.1.el9_1, 5.14.0-70.22.1.el9_0, 5.14.0-70.26.1.el9_0, 5.14.0-70.30.1.el9_0 | Released
Oracle Linux 9 | 5.14.0-162.18.1.el9_1, 5.14.0-162.22.2.el9_1, 5.14.0-162.23.1.el9_1, 5.14.0-162.6.1.el9_1, 5.14.0-284.11.1.el9_2, 5.14.0-284.18.1.el9_2, 5.14.0-284.25.1.el9_2, 5.14.0-70.13.1.0.3.el9_0, 5.14.0-70.17.1.0.1.el9_0, 5.14.0-70.22.1.0.1.el9_0, 5.14.0-70.26.1.0.1.el9_0, 5.14.0-162.12.1.el9_1 | Released
RHEL 8 | - | In Progress
AlmaLinux 9 | 5.14.0-162.12.1.el9_1, 5.14.0-162.18.1.el9_1, 5.14.0-162.22.2.el9_1, 5.14.0-162.23.1.el9_1, 5.14.0-162.6.1.el9_1, 5.14.0-284.11.1.el9_2, 5.14.0-284.18.1.el9_2, 5.14.0-284.25.1.el9_2, 5.14.0-70.13.1.el9_0, 5.14.0-70.17.1.el9_0, 5.14.0-70.22.1.el9_0, 5.14.0-70.26.1.el9_0, 5.14.0-70.30.1.el9_0 | Released
AlmaLinux 8 | - | Planned
Rocky Linux 8 | - | Planned
Amazon Linux 2 5.4 | - | Planned
Amazon Linux 2 5.10 | - | Planned
Ubuntu 20.04 AWS | - | Will Not Fix
Ubuntu 16.04 AWS HWE ESM | - | Will Not Fix
Ubuntu 16.04 Azure ESM | - | Will Not Fix
Ubuntu 20.04 | - | Will Not Fix
Ubuntu 22.04 | - | Will Not Fix
Ubuntu 22.04 AWS | - | Will Not Fix
Ubuntu 22.04 Azure | - | Will Not Fix