ALAS-2023-1827 --- kernelID: oval:org.secpod.oval:def:1601799 | Date: (C)2023-09-27 (M)2024-05-04 |
Class: PATCH | Family: unix |
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97
Platform: |
Amazon Linux AMI |