CVE-2023-3776
Public on 2023-07-21
Modified on 2024-05-08
Description
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2023-08-08 | ALAS-2023-1792 | Fixed |
| Amazon Linux 2 - Core | kernel | 2023-08-07 | ALAS2-2023-2179 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2023-08-07 | ALAS2KERNEL-5.10-2023-038 | Fixed |
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | 2023-08-07 | ALAS2KERNEL-5.15-2023-025 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2023-08-07 | ALAS2KERNEL-5.4-2023-050 | Fixed |
| Amazon Linux 2023 | kernel | 2023-08-25 | ALAS2023-2023-299 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-240.529 | 2023-09-25 | ALAS2LIVEPATCH-2023-148 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.318-241.531 | 2023-09-25 | ALAS2LIVEPATCH-2023-147 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-4.14.320-242.534 | 2023-09-25 | ALAS2LIVEPATCH-2023-146 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.179-171.711 | 2023-09-25 | ALAS2LIVEPATCH-2023-144 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-174.730 | 2023-09-25 | ALAS2LIVEPATCH-2023-143 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.731 | 2023-09-25 | ALAS2LIVEPATCH-2023-142 | Fixed |
| Amazon Linux 2 - Livepatch Extra | kernel-livepatch-5.10.184-175.749 | 2023-09-25 | ALAS2LIVEPATCH-2023-145 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.29-50.88 | 2023-10-23 | ALAS2023LIVEPATCH-2023-015 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-56.100 | 2023-10-23 | ALAS2023LIVEPATCH-2023-014 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-58.102 | 2023-10-23 | ALAS2023LIVEPATCH-2023-013 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.34-59.116 | 2023-10-23 | ALAS2023LIVEPATCH-2023-012 | Fixed |
| Amazon Linux 2023 | kernel-livepatch-6.1.38-59.109 | 2023-10-23 | ALAS2023LIVEPATCH-2023-011 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |