CVE-2023-4015

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 6, 2023
Updated: Dec 12, 2023
CWE ID 416

Summary

CVE-2023-4015 is a use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component. It can be exploited locally to achieve privilege escalation. When an error occurs while building an nftables rule, the handling of immediate expressions in the nft_immediate_deactivate() function can cause the chain and objects to be deactivated but later used. This leads to unbinding the chain, enabling an attacker to manipulate it for privilege escalation. To mitigate this risk, upgrade the Linux kernel past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.
