Unrated severityNVD Advisory· Published Sep 6, 2023· Updated Feb 13, 2025
Use-after-free in Linux kernel's net/sched: cls_route component
CVE-2023-4206
Description
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.
When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
Affected products
26- osv-coords25 versionspkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perf
< 4.18.0-513.5.1.el8_9+ 24 more
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
- (no CPE)range: < 4.18.0-513.5.1.el8_9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.