CVE-2023-4208

Updated: 2023-09-06

CWE: CWE-416 Use After Free

Description:

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.

CVSS3: 7.8


Vendor State

OS Vendor version Errata
Oracle Linux 6 UEK 4 4.1.12-124.80.1.el6uek ELSA-2023-12970
Oracle Linux 7 UEK 4 4.1.12-124.80.1.el7uek ELSA-2023-12970
Ubuntu 20.04 AWS 5.4.0-1110.119 USN-6387-1
Oracle Linux 7 3.10.0-1160.105.1.0.1.el7 ELSA-2023-7423
Rocky Linux 8 4.18.0-513.5.1.el8_9 RLSA-2023:7077
Debian 12 6.1.52-1 DSA-5492-1
RHEL 9 5.14.0-362.8.1.el9_3 RHSA-2023:6583
RHEL 7 3.10.0-1160.105.1.el7 RHSA-2023:7423
AlmaLinux 8 4.18.0-513.5.1.el8_9 ALSA-2023:7077
Oracle Linux 8 4.18.0-513.5.1.el8_9 ELSA-2023-7077
Ubuntu 20.04 5.4.0-163.180 USN-6387-1
Ubuntu 16.04 AWS ESM 4.4.0-1161.176 USN-6388-1
Ubuntu 22.04 Azure 5.15.0-1047.54 USN-6386-1
Ubuntu 22.04 5.15.0-84.93 USN-6386-1
Ubuntu 16.04 Azure ESM 4.15.0-1170.185~16.04.1 USN-6396-1
Ubuntu 22.04 AWS 5.15.0-1045.50 USN-6386-1
Debian 11 5.10.191-1 DSA-5480-1
Amazon Linux 2 4.14.322-244.536.amzn2 ALAS-2023-2268
Ubuntu 16.04 HWE ESM 4.15.0-218.229~16.04.1 USN-6396-1
Ubuntu 16.04 AWS HWE ESM 4.15.0-1161.174~16.04.1 USN-6396-1
RHEL 8 4.18.0-513.5.1.el8_9 RHSA-2023:7077
AlmaLinux 9 5.14.0-362.8.1.el9_3 ALSA-2023:6583
Amazon Linux 2 5.10 5.10.192-182.736.amzn2 ALASKERNEL-5.10-2023-039
Amazon Linux 2 5.4 5.4.253-167.359.amzn2 ALASKERNEL-5.4-2023-054
Rocky Linux 9 5.14.0-362.8.1.el9_3 RLSA-2023:6583
Oracle Linux 9 5.14.0-362.8.1.el9_3 ELSA-2023-6583
Amazon Linux 1 4.14.322-170.535.amzn1 ALAS-2023-1827

KernelCare State

OS Original kernel version State
Oracle Linux 6 UEK 4
Planned
Oracle Linux 7 UEK 4
Planned
Ubuntu 20.04 AWS
Will Not Fix
Oracle Linux 7
Planned
Rocky Linux 8
Planned
Debian 12
Planned
RHEL 9
5.14.0-70.30.1.el9_0 show all hide all
5.14.0-70.5.1.el9_0 5.14.0-162.12.1.el9_1 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-284.18.1.el9_2 5.14.0-284.25.1.el9_2 5.14.0-284.30.1.el9_2 5.14.0-70.13.1.el9_0 5.14.0-70.17.1.el9_0 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0
Released
RHEL 7
In Progress
AlmaLinux 8
Planned
Oracle Linux 8
Planned
Ubuntu 20.04
Will Not Fix
Ubuntu 16.04 AWS ESM
Will Not Fix
Ubuntu 22.04 Azure
Will Not Fix
Ubuntu 22.04
Will Not Fix
Ubuntu 16.04 Azure ESM
Will Not Fix
Ubuntu 22.04 AWS
Will Not Fix
Debian 11
Will Not Fix
Amazon Linux 2
Ready For Release
Ubuntu 16.04 HWE ESM
Will Not Fix
Ubuntu 16.04 AWS HWE ESM
Will Not Fix
RHEL 8
In Progress
AlmaLinux 9
5.14.0-162.12.1.el9_1 show all hide all
5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-70.30.1.el9_0 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-284.18.1.el9_2 5.14.0-284.25.1.el9_2 5.14.0-70.13.1.el9_0 5.14.0-70.17.1.el9_0 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0
Released
Amazon Linux 2 5.10
Planned
Amazon Linux 2 5.4
Planned
Rocky Linux 9
5.14.0-162.12.1.el9_1.0.1 show all hide all
5.14.0-162.12.1.el9_1.0.2 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1.0.1 5.14.0-162.6.1.el9_1 5.14.0-70.22.1.el9_0 5.14.0-70.26.1.el9_0 5.14.0-70.30.1.el9_0
Released
Oracle Linux 9
5.14.0-70.26.1.0.1.el9_0 show all hide all
5.14.0-162.12.1.el9_1 5.14.0-162.18.1.el9_1 5.14.0-162.22.2.el9_1 5.14.0-162.23.1.el9_1 5.14.0-162.6.1.el9_1 5.14.0-284.11.1.el9_2 5.14.0-284.18.1.el9_2 5.14.0-284.25.1.el9_2 5.14.0-70.13.1.0.3.el9_0 5.14.0-70.17.1.0.1.el9_0 5.14.0-70.22.1.0.1.el9_0
Released
Amazon Linux 1
Will Not Fix