CVE-2023-4004

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 31, 2023

Updated: Dec 29, 2023

CWE ID 416

Summary

CVE-2023-4004 is a use-after-free vulnerability affecting the Linux kernel's netfilter. This issue arises when a user triggers the nft_pipapo_remove function without the proper NFT_SET_EXT_KEY_END marker. Consequences of this flaw can lead to system crashes for local users. Potentially, an attacker could also leverage this vulnerability to escalate their privileges on the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8h78X
https://www.cve.org/CVERecord?id=CVE-2023-4004
https://nvd.nist.gov/vuln/detail/CVE-2023-4004

Back to Vulnerability Database

CVE-2023-4004

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations