CVE-2023-3390

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 28, 2023
Updated: Mar 27, 2024
CWE ID 416

Summary

CVE-2023-3390 is a use-after-free vulnerability in the Linux kernel's netfilter subsystem, specifically in net/netfilter/nf_tables_api.c. Incorrect error handling with NFT_MSG_NEWRULE allows an attacker with local user access to use a dangling pointer within the same transaction, resulting in a use-after-free condition. This vulnerability can lead to privilege escalation. Upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97 is strongly advised to mitigate this risk.
