Published: 27/09/2023 Updated: 11/01/2024

CVSS v3 Base Score: 6.6 | Impact Score: 4.7 | Exploitability Score: 1.8

VMScore: 0

An issue exists in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel prior to 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

DescriptionThe MITRE CVE dictionary describes this issue as: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free We recommend upgrading past commit f15f ...

An issue was discovered in drivers/net/ethernet/intel/igb/igb_mainc in the IGB driver in the Linux kernel before 653 A buffer size may not be adequate for frames larger than the MTU (CVE-2023-45871) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Additi ...

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability We r ...

A flaw was found in rsvp_change() The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an `unsign int` fully controlled by users, the behavior is usually a wild pointer access (CVE-2023-42755) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve l ...

An issue was discovered in drivers/net/ethernet/intel/igb/igb_mainc in the IGB driver in the Linux kernel before 653 A buffer size may not be adequate for frames larger than the MTU (CVE-2023-45871) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Additi ...

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325 (CVE-2023-5197) ...

 LTS-114 is being updated in the LTS channel to 11405735346 (Platform Version: 15437840) for most ChromeOS devices Want to know more about Long Term Support? Click hereThis update contains multiple Security fixes, including:1513170 High  CVE-2023-7024  Heap Buffer overflow in WebRTC 303161001 ...

ChromeOS M119 StableThe Stable channel is being updated to OS version: 15633440 Browser version: 11906045158 for most ChromeOS devicesIf you find new issues, please let us know one of the following waysFile a bugVisit our ChromeOS communitiesGeneral: Chromebook Help CommunityBeta Specific: ChromeOS Beta Help Comm ...

CWE-416 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f15f29fd4779be8a418b66e9d52979bb6d6c2325 https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325 http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-5197 https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2023-159.html

CVE-2023-5197

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect