Public on 2023-07-21
Modified on 2024-01-12
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
Important severity
CVSS v3 Base Score
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2023-08-03 ALAS-2023-1792 Fixed
Amazon Linux 2 - Core kernel 2023-08-03 ALAS2-2023-2179 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-08-03 ALAS2KERNEL-5.10-2023-038 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-08-03 ALAS2KERNEL-5.15-2023-025 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-08-03 ALAS2KERNEL-5.4-2023-050 Fixed
Amazon Linux 2023 kernel 2023-08-17 ALAS2023-2023-299 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.318-240.529 2023-09-14 ALAS2LIVEPATCH-2023-148 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.318-241.531 2023-09-14 ALAS2LIVEPATCH-2023-147 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.320-242.534 2023-09-14 ALAS2LIVEPATCH-2023-146 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.179-171.711 2023-09-14 ALAS2LIVEPATCH-2023-144 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.184-174.730 2023-09-14 ALAS2LIVEPATCH-2023-143 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.184-175.731 2023-09-14 ALAS2LIVEPATCH-2023-142 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.184-175.749 2023-09-14 ALAS2LIVEPATCH-2023-145 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.29-50.88 2023-09-15 ALAS2023LIVEPATCH-2023-015 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.34-56.100 2023-09-15 ALAS2023LIVEPATCH-2023-014 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.34-58.102 2023-09-15 ALAS2023LIVEPATCH-2023-013 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.34-59.116 2023-09-15 ALAS2023LIVEPATCH-2023-012 Fixed
Amazon Linux 2023 kernel-livepatch-6.1.38-59.109 2023-09-15 ALAS2023LIVEPATCH-2023-011 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H