CVE-2023-4623

{"id": "CVE-2023-4623", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-09-06T14:15:12.357", "references": [{"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve-coordination@google.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f", "tags": ["Issue Tracking", "Mailing List", "Patch", "Vendor Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f", "tags": ["Patch", "Vendor Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f", "tags": ["Issue Tracking", "Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f."}, {"lang": "es", "value": "Una vulnerabilidad de Use After Free en el componente net/sched: sch_hfsc (HFSC qdisc traffic control) del kernel de Linux puede ser explotada para conseguir una escalada local de privilegios. Si una clase con una curva de compartici\u00f3n de enlaces (es decir, con la flag HFSC_FSC establecida) tiene un padre sin una curva de compartici\u00f3n de enlaces, entonces init_vf() llamar\u00e1 a vttree_insert() en el padre, pero vttree_remove() se omitir\u00e1 en update_vf(). Esto deja un puntero colgando que puede causar un Use-After-Free. Recomendamos actualizar desde el commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. "}], "lastModified": "2025-03-20T16:59:51.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97B268FE-B571-4275-BB68-92D593881C9E", "versionEndExcluding": "4.14.327", "versionStartIncluding": "2.6.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D419C7D6-F33D-4EF8-8950-1CB5DDF6A55D", "versionEndExcluding": "4.19.295", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "834BD148-28EC-43A4-A4F5-458124A1E39F", "versionEndExcluding": "5.4.257", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C385B650-53DB-4BFB-83D1-1D8FADF653EF", "versionEndExcluding": "5.10.195", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5913891D-409A-4EEC-9231-F2EF5A493BC7", "versionEndExcluding": "5.15.132", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B20754AF-3B8C-4574-A70D-EC24933810E5", "versionEndExcluding": "6.1.53", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3039EA3-F6CA-43EF-9F17-81A7EC6841EF", "versionEndExcluding": "6.4.16", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880C803A-BEAE-4DA0-8A59-AC023F7B4EE3", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}