Описание
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup.
Отчет
Exploiting this flaw will require the CAP_NET_ADMIN access privilege in any user or network namespace.
Меры по смягчению последствий
To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:5069 | 12.09.2023 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2023:5091 | 12.09.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:5069 | 12.09.2023 |
| Red Hat Enterprise Linux 9 | kpatch-patch | Fixed | RHSA-2023:5093 | 12.09.2023 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | kernel | Fixed | RHSA-2023:5604 | 10.10.2023 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Уязвимость функции nft_chain_lookup_byid() в модуле net/netfilter/nf_tables_api.c подсистемы фильтрации пакетов netfilter ядра операционной системы Linux, позволяющая нарушителю повысить привилегии и оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.8 High
CVSS3