CVE-2023-4147

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-4147	Patch Third Party Advisory
https://www.spinics.net/lists/stable/msg671573.html	Mailing List Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2225239	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211	Mailing List Patch
https://access.redhat.com/errata/RHSA-2023:5091	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5069	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:6.5:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.5:rc3::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

History

16 Sep 2024, 13:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.debian.org/security/2023/dsa-5492', 'name': 'https://www.debian.org/security/2023/dsa-5492', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}~~ ~~{'url': 'https://www.debian.org/security/2023/dsa-5480', 'name': 'https://www.debian.org/security/2023/dsa-5480', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}~~ {'url': 'https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html', 'name': 'https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MISC'} ~~{'url': 'https://security.netapp.com/advisory/ntap-20231020-0006/', 'name': 'https://security.netapp.com/advisory/ntap-20231020-0006/', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}~~

26 Aug 2024, 16:08

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:7389 -~~	() https://access.redhat.com/errata/RHSA-2023:7389 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7411 -~~	() https://access.redhat.com/errata/RHSA-2023:7411 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7382 -~~	() https://access.redhat.com/errata/RHSA-2023:7382 - Third Party Advisory

21 Nov 2023, 17:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7389 - () https://access.redhat.com/errata/RHSA-2023:7411 - () https://access.redhat.com/errata/RHSA-2023:7382 -

02 Nov 2023, 02:17

Type	Values Removed	Values Added
First Time		Debian Redhat enterprise Linux For Real Time For Nfv Redhat enterprise Linux Server Aus Debian debian Linux Redhat enterprise Linux Eus Redhat enterprise Linux For Real Time
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:::::::*
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5069 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5069 - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5091 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5091 - Third Party Advisory
References	~~(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ -~~	(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ - Third Party Advisory
References	~~(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html -~~	(MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - Mailing List, Third Party Advisory
References	~~(MISC) https://www.debian.org/security/2023/dsa-5492 -~~	(MISC) https://www.debian.org/security/2023/dsa-5492 - Third Party Advisory
References	~~(MISC) https://www.debian.org/security/2023/dsa-5480 -~~	(MISC) https://www.debian.org/security/2023/dsa-5480 - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:5093 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:5093 - Third Party Advisory

20 Oct 2023, 15:15

Type	Values Removed	Values Added
References		(MISC) https://security.netapp.com/advisory/ntap-20231020-0006/ -

20 Oct 2023, 00:15

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/errata/RHSA-2023:5091 - (MISC) https://www.debian.org/security/2023/dsa-5492 - (MISC) https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html - (MISC) https://access.redhat.com/errata/RHSA-2023:5069 - (MISC) https://access.redhat.com/errata/RHSA-2023:5093 -

19 Aug 2023, 18:17

Type	Values Removed	Values Added
References		(MISC) https://www.debian.org/security/2023/dsa-5480 -

15 Aug 2023, 14:27

Type	Values Removed	Values Added
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2023-4147 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2023-4147 - Patch, Third Party Advisory
References	~~(MISC) https://www.spinics.net/lists/stable/msg671573.html -~~	(MISC) https://www.spinics.net/lists/stable/msg671573.html - Mailing List, Patch
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 - Mailing List, Patch
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2225239 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2225239 - Issue Tracking, Patch, Third Party Advisory
CPE		cpe:2.3:o:linux:linux_kernel:6.5:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:linux:linux_kernel:6.5:rc2:::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:linux:linux_kernel:6.5:rc1::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Fedoraproject fedora Redhat enterprise Linux Linux linux Kernel Redhat Fedoraproject
CWE		CWE-416

07 Aug 2023, 15:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-07 14:15

Updated : 2024-09-16 13:15

NVD link : CVE-2023-4147

Mitre link : CVE-2023-4147

JSON object : View

Products Affected

debian

debian_linux

redhat

enterprise_linux_server_aus
enterprise_linux
enterprise_linux_eus
enterprise_linux_for_real_time
enterprise_linux_for_real_time_for_nfv

fedoraproject

fedora

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10