CVE-2023-3609

Source
https://cve.org/CVERecord?id=CVE-2023-3609
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3609.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-3609
Downstream
Related
Published
2023-07-21T20:47:12.172Z
Modified
2026-07-11T03:55:17.326847473Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use-after-free in Linux kernel's net/sched: cls_u32 component
Details

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcfchangeindev() fails, u32setparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.

Database specific
{
    "cna_assigner": "Google",
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3609.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
e3d97e8db5c45dfe3e4c70252acc5f4edea172b7
Fixed
6995e2de6891c724bfeb2db33d7b87775f913ad1
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "4.14"
        },
        {
            "fixed": "6.4"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3609.json"