{"vulnerability": "CVE-2023-4206", "sightings": [{"uuid": "06df5a4f-f1f8-42a8-a8fc-7d67c1c87851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4206", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/171", "content": "#exploit\n1. BYOVDLL - Exploit That Is Bypassing LSASS Protection\nhttps://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll\n\n2. CVE-2023-4206:\nUaF in cls_route\u00a0Linux Kernel Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4206_lts_cos\n\n3. CVE-2023-4208:\nUaF in\u00a0cls_u32 Linux Kernel\u00a0Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4208_lts_cos_mitigation", "creation_timestamp": "2024-08-16T09:00:19.000000Z"}, {"uuid": "ad9d6bb9-4283-470a-a877-1b75da0e08c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4206", "type": "seen", "source": "https://t.me/arpsyndicate/1932", "content": "#ExploitObserverAlert\n\nCVE-2023-4206\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-4206. A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.  When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.  We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T06:40:20.000000Z"}, {"uuid": "db006426-5f5e-4569-b9f3-ae62507b9c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4206", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/738", "content": "#exploit\n1. BYOVDLL - Exploit That Is Bypassing LSASS Protection\nhttps://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll\n\n2. CVE-2023-4206:\nUaF in cls_route\u00a0Linux Kernel Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4206_lts_cos\n\n3. CVE-2023-4208:\nUaF in\u00a0cls_u32 Linux Kernel\u00a0Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4208_lts_cos_mitigation", "creation_timestamp": "2024-08-16T09:01:34.000000Z"}, {"uuid": "64eabcf6-baca-4fc1-9a8b-1cbdf35793b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4206", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10990", "content": "#exploit\n1. BYOVDLL - Exploit That Is Bypassing LSASS Protection\nhttps://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll\n\n2. CVE-2023-4206:\nUaF in cls_route\u00a0Linux Kernel Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4206_lts_cos\n\n3. CVE-2023-4208:\nUaF in\u00a0cls_u32 Linux Kernel\u00a0Component\nhttps://github.com/google/security-research/tree/master/pocs/linux/kernelctf/CVE-2023-4208_lts_cos_mitigation", "creation_timestamp": "2024-08-16T11:03:01.000000Z"}]}