Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALASLIVEPATCH-2023-146

Related Vulnerabilities: CVE-2023-3609   CVE-2023-3776  

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. (CVE-2023-3609) A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. (CVE-2023-3776)

Source

ALASLIVEPATCH-2023-146

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2023-146
Advisory Release Date: 2023-09-14 01:05 Pacific
Advisory Updated Date: 2023-09-25 22:10 Pacific
Severity: Important
Issue Overview:

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. (CVE-2023-3609)

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. (CVE-2023-3776)


Affected Packages:

kernel-livepatch-4.14.320-242.534


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.320-242.534 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.320-242.534-1.0-1.amzn2.src

x86_64:
    kernel-livepatch-4.14.320-242.534-1.0-1.amzn2.x86_64
    kernel-livepatch-4.14.320-242.534-debuginfo-1.0-1.amzn2.x86_64

Additional References

Red Hat: CVE-2023-3609, CVE-2023-3776

Mitre: CVE-2023-3609, CVE-2023-3776

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started