ALAS2023LIVEPATCH-2023-011 --- kernel-livepatch-6.1.38-59.109ID: oval:org.secpod.oval:def:19500451 | Date: (C)2024-01-04 (M)2024-04-25 |
Class: PATCH | Family: unix |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f
Platform: |
Amazon Linux 2023 |
Product: |
kernel-livepatch-6.1.38-59.109 |