Vulnerability Details : CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter, in the way a user can trigger the nft_pipapo_remove function with an element that has no NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-4004
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4004
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
Percentile: ~18% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-4004
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2023-4004
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-4004
- https://access.redhat.com/errata/RHSA-2023:4967
  RHSA-2023:4967 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5480
  Debian -- Security Information -- DSA-5480-1 linux (Third Party Advisory)
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
  Kernel Live Patch Security Notice LSN-0099-1 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2023:5091
  RHSA-2023:5091 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5492
  Debian -- Security Information -- DSA-5492-1 linux (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5244
  RHSA-2023:5244 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5548
  RHSA-2023:5548 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7434
  RHSA-2023:7434 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2023:7411
  RHSA-2023:7411 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2023:5069
  RHSA-2023:5069 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2225275
  2225275 – (CVE-2023-4004) CVE-2023-4004 kernel: netfilter: nft_set_pipapo: improper element removal in function nft_pipapo_remove when insert an element without a NFT_SET_EXT_KEY_END that can lead to (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:4961
  RHSA-2023:4961 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7417
  RHSA-2023:7417 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2023:7382
  RHSA-2023:7382 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5627
  RHSA-2023:5627 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
  [SECURITY] [DLA 3623-1] linux-5.10 security update (Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2023-4004
  CVE-2023-4004 - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5093
  RHSA-2023:5093 - Security Advisory - Red Hat Customer Portal (Broken Link; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5255
  RHSA-2023:5255 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:5221
  RHSA-2023:5221 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/
  [nf] netfilter: nft_set_pipapo: fix improper element removal - Patchwork (Mailing List; Patch; Third Party Advisory)
- http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
  Kernel Live Patch Security Notice LSN-0098-1 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2023:7389
  RHSA-2023:7389 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20231027-0001/
  CVE-2023-4004 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:4962
  RHSA-2023:4962 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:7431
  RHSA-2023:7431 - Security Advisory - Red Hat Customer Portal (Third Party Advisory; VDB Entry)