There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS??or CONFIG_XFRM_ESPINTCP??has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data??of a struct inet_connection_sock. When CONFIG_TLS??is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt??TCP_ULP??operation does not require any privilege. We recommend upgrading past commit??2c02d41d71f90a5168391b6a5f2954112ba2307c
Find out more about CVE-2023-0461 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
| Wind River Linux 8 | Requires LTSS | -- | -- | -- |
| Wind River Linux 9 | Requires LTSS | -- | -- | -- |
| Wind River Linux 7 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 21 | Fixed |
LIN1021-5327 |
10.21.20.17 | -- |
| Wind River Linux LTS 22 | Fixed |
LIN1022-3479 |
10.22.33.6 | -- |
| Wind River Linux LTS 18 | Fixed |
LIN1018-10394 |
10.18.44.29 | -- |
| Wind River Linux LTS 19 | Fixed |
LIN1019-9499 |
10.19.45.28 | -- |
| Wind River Linux CD release | Fixed | -- | 10.23.9.0 | -- |
| Wind River Linux 6 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|
