CVE-2023-4147

Опубликовано: 07 авг. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Ссылки

https://access.redhat.com/errata/RHSA-2023:5069
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5091
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4147
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2225239
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
Mailing List
Patch
https://www.spinics.net/lists/stable/msg671573.html
Mailing List
Patch
https://access.redhat.com/errata/RHSA-2023:5069
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5091
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4147
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2225239
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
Mailing List
Patch
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.9 (включая) до 5.10.190 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.124 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.43 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.4.8 (исключая)

cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00161

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2023-4147

CVSS3: 7.8

ubuntu

почти 2 года назад

CVE-2023-4147

CVSS3: 7.8

redhat

почти 2 года назад

CVE-2023-4147

CVSS3: 7.8

msrc

почти 2 года назад

Описание отсутствует

CVE-2023-4147

CVSS3: 7.8

debian

почти 2 года назад

A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...

GHSA-pcv9-72q8-27vc

CVSS3: 7.8

github

почти 2 года назад

EPSS

Процентиль: 38%

0.00161

Низкий

7.8 High

CVSS3

Дефекты

CWE-416