Описание
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege escalation.
Отчет
For Red Hat Enterprise Linux 7, please use the mitigation to disable module cls_tcindex, because similar use-after-free issues also exists in the Linux Kernel's traffic control index filter and will not be fixed before Red Hat Enterprise Linux 8.
Меры по смягчению последствий
To mitigate this issue, prevent the module cls_tcindex from being loaded. Please see https://access.redhat.com/solutions/41278 on how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:4541 | 08.08.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:4517 | 08.08.2023 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2023:4531 | 08.08.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:4515 | 08.08.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2023:4516 | 08.08.2023 |
Показывать по
Дополнительная информация
Статус:
7.4 High
CVSS3
Связанные уязвимости
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
A use-after-free vulnerability in the Linux Kernel traffic control ind ...
Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)
7.4 High
CVSS3