[SRU Focal/Jammy/OEM-5.17/Kinetic/OEM-6.0/Lunar 0/1] CVE-2023-3776

Cengiz Can cengiz.can at canonical.com
Fri Jul 28 06:57:38 UTC 2023

A use-after-free vulnerability in the Linux kernel’s net/sched: cls_fw
component can be exploited to achieve local privilege escalation. If
tcf_change_indev() fails, fw_set_parms() will immediately return an error after
incrementing or decrementing the reference counter in tcf_bind_filter(). If an
attacker can control the reference counter and set it to zero, they can cause
the reference to be freed, leading to a use-after-free vulnerability. We
recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.

Cherry picked from upstream. 

[Test case]
Compile and boot tested only.

[Potential regression]
All users that utilize traffic shaping might be affected. Although highly

M A Ramdhan (1):
  net/sched: cls_fw: Fix improper refcount update leads to

 net/sched/cls_fw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)


More information about the kernel-team mailing list