A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
Find out more about CVE-2023-4208 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
Wind River Linux 8 | Requires LTSS | -- | -- | -- |
Wind River Linux 9 | Requires LTSS | -- | -- | -- |
Wind River Linux 7 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 21 | Fixed |
LIN1021-6497 |
10.21.20.20 | -- |
Wind River Linux LTS 22 | Fixed |
LIN1022-5345 |
10.22.33.12 | -- |
Wind River Linux LTS 18 | Fixed |
LIN1018-11228 |
10.18.44.30 | -- |
Wind River Linux LTS 19 | Fixed |
LIN1019-10371 |
10.19.45.30 | -- |
Wind River Linux CD release | N/A | -- | -- | -- |
Wind River Linux 6 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 23 | Fixed |
LIN1023-2038 |
10.23.30.2 | -- |
Wind River Linux LTS 24 | Fixed | -- | LINCD-next | -- |
VxWorks | ||||
VxWorks 7 | Not Vulnerable | -- | -- | -- |
VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
eLxr | ||||
eLxr 12 | Fixed | -- | 6.1.52-1 | -- |
Wind River Studio Cloud Platform |
Product Name | Status | Defect | Fixed | Downloads |
---|