ALAS2023LIVEPATCH-2023-014 --- kernel-livepatch-6.1.34-56.100ID: oval:org.secpod.oval:def:19500449 | Date: (C)2024-01-04 (M)2024-04-25 |
Class: PATCH | Family: unix |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f
Platform: |
Amazon Linux 2023 |
Product: |
kernel-livepatch-6.1.34-56.100 |