We found results for “”
CVE-2023-1829
Good to know:
Date: April 12, 2023
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Language: C
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Use After Free
CWE-416Top Fix
Upgrade Version
Upgrade to version v4.14.308,v4.19.276,v5.4.235,v5.10.173,v5.15.100,v6.1.18,v6.2.5
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |