CVE-2023-6817

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6817

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6817.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6817

Downstream

BELL-CVE-2023-6817

DEBIAN-CVE-2023-6817

DLA-3711-1

DSA-5593-1

DSA-5594-1

OESA-2024-1032

OESA-2024-1033

OESA-2024-1034

OESA-2024-1035

RHSA-2024:0724

RHSA-2024:0881

RHSA-2024:0897

RHSA-2024:1018

RHSA-2024:1019

RHSA-2024:1248

RHSA-2024:1268

RHSA-2024:1269

RHSA-2024:1367

RHSA-2024:1382

RHSA-2024:1404

RHSA-2024:3414

RHSA-2024:3421

SUSE-SU-2024:0855-1

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0858-1

SUSE-SU-2024:0900-1

SUSE-SU-2024:0900-2

SUSE-SU-2024:0910-1

SUSE-SU-2024:0977-1

UBUNTU-CVE-2023-6817

LSN-0100-1

LSN-0101-1

LSN-0103-1

USN-6606-1

USN-6607-1

USN-6608-1

USN-6608-2

USN-6609-1

USN-6609-2

USN-6609-3

USN-6628-1

USN-6628-2

USN-6635-1

Related

Published

2023-12-18T15:15:10Z

Modified

2025-08-09T20:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.

We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

References

Affected packages