A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2023-06-28T20:02:07.389Z
Updated: 2024-08-02T06:55:03.302Z
Reserved: 2023-06-23T13:45:16.519Z
Link: CVE-2023-3390
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-28T21:15:10.447
Modified: 2024-11-21T08:17:09.960
Link: CVE-2023-3390
Redhat