CVE-2023-6817

Public on 2023-12-18
Modified on 2024-01-11
Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.

We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

Severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
HAQM Linux 2 - Kernel-5.10 Extra kernel 2024-01-23 ALAS2KERNEL-5.10-2024-047
HAQM Linux 2 - Kernel-5.10 Extra kernel 2024-01-09 ALAS2KERNEL-5.10-2024-045
HAQM Linux 2 - Kernel-5.15 Extra kernel 2024-01-09 ALAS2KERNEL-5.15-2024-033
HAQM Linux 2 - Kernel-5.15 Extra kernel 2024-01-23 ALAS2KERNEL-5.15-2024-035
HAQM Linux 2023 kernel 2024-01-22 ALAS2023-2024-488
HAQM Linux 2 - Livepatch Extra kernel-livepatch-5.10.201-191.748 2024-03-06 ALAS2LIVEPATCH-2024-167

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2023-6817 Mitre: CVE-2023-6817 FAQs regarding HAQM Linux ALAS/CVE Severity