CVE-2023-3610
Use-after-free in Linux kernel's netfilter: nf_tables component
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.
A use-after-free vulnerability was found in the netfilter: nf_tables component in the Linux kernel due to a missing error handling in the abort path of NFT_MSG_NEWRULE. This flaw allows a local attacker with CAP_NET_ADMIN access capability to cause a local privilege escalation problem.
It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-10 CVE Reserved
- 2023-07-21 CVE Published
- 2023-08-01 EPSS Updated
- 2025-02-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
- CAPEC-233: Privilege Escalation
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20230818-0005 | Third Party Advisory |
|
| https://www.debian.org/security/2023/dsa-5461 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3610 | 2023-09-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2225198 | 2023-09-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.9 < 5.10.188 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.188" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.15.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.119" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 6.1.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.36" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.2 < 6.3.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.3.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||