A use-after-free vulnerability in... CVE-2023-3776

- AV AC AU C I A
发布: 2023-07-21
修订: 2024-08-22

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.

0%
当前有28条漏洞利用/PoC
当前有12条受影响产品信息