CVE-2023-3609

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-3609
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3609.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-3609
Downstream
Related
Published
2023-07-21T20:47:12.172Z
Modified
2026-05-08T04:52:12.793673Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use-after-free in Linux kernel's net/sched: cls_u32 component
Details

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcfchangeindev() fails, u32setparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3609.json",
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "Google"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
bebc6082da0a9f5d47a1ea2edc099bf671058bd4
Fixed
6995e2de6891c724bfeb2db33d7b87775f913ad1
Database specific 
{
    "extracted_events": [
        {
            "introduced": "4.14"
        },
        {
            "fixed": "6.4"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3609.json"