Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2023-3777

Published: 06/09/2023 Updated: 29/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux

Vulnerability Summary

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 12.0

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

canonical ubuntu linux 22.04

Vendor Advisories

Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Securit ...
Debian Security Advisories: DSA-5492-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2023-1206 It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant in ...
Amazon Linux 2: ALASLIVEPATCH-2023-155
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances We recommend upgrading past commi ...
Red Hat:
Description<!---->A use-after-free flaw was found in the Linux kernel's netfilter: nf_tables component, which can be exploited to achieve local privilege escalation When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound, and the chain's owner rule can release the objects in certain circumstancesA use-after- ...
Google Chrome: Long Term Support Channel Update for ChromeOS
LTS-114 is being updated in the LTS channel to&nbsp;11405735337 (Platform Version: 15437740)&nbsp;for most ChromeOS devices Want to know more about Long Term Support? Click&nbsp;hereThis update contains multiple Security fixes, including:1475798&nbsp;High&nbsp;CVE-2023-5187&nbsp;Use after free in Extensions1450784&nbsp;Medium&nbsp;CVE-2023-4 ...

Github Repositories

https://github.com/kylebuch8/vite-project-pfereact

PatternFly Elements, PatternFly React, RHDS Elements and Customer Portal Elements all together The purpose of this demo is to use a Red Hat API to fetch security data and demonstrate how combining our different components can deliver an entire experience Components used PatternFly Elements with React wrappers Accordion, AccordionHeader, AccordionPanel Popover Button Timestamp

References

CWE-416https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8https://www.debian.org/security/2023/dsa-5492http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlhttp://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.htmlhttps://access.redhat.com/errata/RHSA-2024:0432https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5492
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook