CVE-2023-4015
Use-after-free in Linux kernel's netfilter: nf_tables component
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.
Una vulnerabilidad de use-after-free en el netfilter del kernel de Linux: nf_tables componente puede ser explotado para lograr la escalada de privilegios locales. En un error al crear una regla nftables, desactivar expresiones inmediatas en nft_immediate_deactivate() puede llevar a desenlazar la cadena y los objetos se desactiven pero se usen más tarde. Recomendamos actualizar al commit anterior 0a771f7b266b02d262900c75f1e175c7fe76fec2.
A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can unbind the chain and objects can be deactivated but used later.
Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-31 CVE Reserved
- 2023-08-30 CVE Published
- 2025-02-13 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
- CAPEC-233: Privilege Escalation
References (5)
| URL | Tag | Source |
|---|---|---|
| https://www.debian.org/security/2023/dsa-5492 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4015 | 2024-01-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2237752 | 2024-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.9 < 5.10.190 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.190" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.15.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.124" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 6.1.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.43" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.2 < 6.4.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.4.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||