gsd - gsd-2023-4147

gsd-2023-4147

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

Aliases

CVE-2023-4147

Aliases

CVE-2023-4147

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-4147",
    "id": "GSD-2023-4147"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-4147"
      ],
      "details": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.",
      "id": "GSD-2023-4147",
      "modified": "2023-12-13T01:20:27.513815Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-4147",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:5.14.0-284.30.1.el9_2",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:5.14.0-284.30.1.rt14.315.el9_2",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:5.14.0-284.30.1.el9_2",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:5.14.0-70.80.1.el9_0",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:5.14.0-70.80.1.rt21.151.el9_0",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-416",
                "lang": "eng",
                "value": "Use After Free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:5069",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:5069"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:5091",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:5091"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:5093",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:5093"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7382",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7382"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7389",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7389"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7411",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7411"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-4147",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-4147"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239"
          },
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231020-0006/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231020-0006/"
          },
          {
            "name": "https://www.debian.org/security/2023/dsa-5480",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2023/dsa-5480"
          },
          {
            "name": "https://www.debian.org/security/2023/dsa-5492",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2023/dsa-5492"
          },
          {
            "name": "https://www.spinics.net/lists/stable/msg671573.html",
            "refsource": "MISC",
            "url": "https://www.spinics.net/lists/stable/msg671573.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2023-4147"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/security/cve/CVE-2023-4147",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-4147"
            },
            {
              "name": "https://www.spinics.net/lists/stable/msg671573.html",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch"
              ],
              "url": "https://www.spinics.net/lists/stable/msg671573.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211"
            },
            {
              "name": "https://www.debian.org/security/2023/dsa-5480",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5480"
            },
            {
              "name": "https://www.debian.org/security/2023/dsa-5492",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5492"
            },
            {
              "name": "https://access.redhat.com/errata/RHSA-2023:5091",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5091"
            },
            {
              "name": "https://access.redhat.com/errata/RHSA-2023:5069",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5069"
            },
            {
              "name": "https://access.redhat.com/errata/RHSA-2023:5093",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:5093"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20231020-0006/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20231020-0006/"
            },
            {
              "name": "RHSA-2023:7382",
              "refsource": "",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2023:7382"
            },
            {
              "name": "RHSA-2023:7389",
              "refsource": "",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2023:7389"
            },
            {
              "name": "RHSA-2023:7411",
              "refsource": "",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2023:7411"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-21T17:15Z",
      "publishedDate": "2023-08-07T14:15Z"
    }
  }
}

cve-2023-4147

Vulnerability from cvelistv5

Published

2023-08-07 13:19

Modified

2024-09-16 12:38

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2023:5069	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:5091	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:5093	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:7382	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:7389	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:7411	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-4147	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2225239	issue-tracking, x_refsource_REDHAT
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
	https://www.spinics.net/lists/stable/msg671573.html

Impacted products

▼	Vendor	Product
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 7
	Red Hat	Red Hat Enterprise Linux 7
	Red Hat	Red Hat Enterprise Linux 8
	Red Hat	Red Hat Enterprise Linux 8

Show details on NVD website