CVE-2023-1829

CVSS V2 None CVSS V3 None
Description
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Overview
  • CVE ID
  • CVE-2023-1829
  • Assigner
  • cve-coordination@google.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-12T12:15:07
  • Last Modified Date
  • 2023-04-19T19:16:35
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 1 OR 6.3
References
Reference URL Reference Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28
https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-1829
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829
History
Created Old Value New Value Data Type Notes
2023-04-17 04:36:05 Added to TrackCVE
2023-04-17 04:36:08 Weakness Enumeration new
2023-04-18 13:00:34 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-19 20:00:56 2023-04-19T19:16:35 CVE Modified Date updated
2023-04-19 20:00:56 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-19 20:01:00 CPE Information updated