A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-06-28T20:02:07.389Z

Updated: 2024-08-02T06:55:03.302Z

Reserved: 2023-06-23T13:45:16.519Z

Link: CVE-2023-3390

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-28T21:15:10.447

Modified: 2024-11-21T08:17:09.960

Link: CVE-2023-3390

cve-icon Redhat

Severity : Important

Publid Date: 2023-06-08T00:00:00Z

Links: CVE-2023-3390 - Bugzilla