CVE-2023-4147

Summary

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 90:5.14.0-284.30.1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-284.30.1.rt14.315.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 90:5.14.0-284.30.1.el9_2 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:5.14.0-70.80.1.el9_0 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support0:5.14.0-70.80.1.rt21.151.el9_0 < *unaffected

Weaknesses

  • CWE-416: Use After Free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References