ALAS2023-2023-461 --- kernel | ID: oval:org.secpod.oval:def:19500541 | Date: (C)2024-01-04 (M)2024-04-29 |
Class: PATCH | Family: unix |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.
Platform: Amazon Linux 2023 |
Product: kernel, python3-perf, perf, bpftool |