CVE-2023-1281

Source
https://cve.org/CVERecord?id=CVE-2023-1281
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1281.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-1281
Published
2023-03-22T13:18:55.460Z
Modified
2026-05-08T04:51:42.403574Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
UAF in Linux kernel's tcindex (traffic control index filter) implementation
Details

Use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. The imperfect hash area can be updated while packets are traversing, which causes a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker can use this vulnerability to elevate privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

Database specific
{
    "cna_assigner": "Google",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1281.json",
    "cwe_ids": [
        "CWE-416"
    ]
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
bebc6082da0a9f5d47a1ea2edc099bf671058bd4
Last affected
c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "4.14"
        },
        {
            "last_affected": "6.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1281.json"