Vulnerability Details : CVE-2023-4147
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-4147
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4147
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 5 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4147
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2023-4147
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-4147
- https://bugzilla.redhat.com/show_bug.cgi?id=2225239
  2225239 – (CVE-2023-4147) CVE-2023-4147 kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free [Issue Tracking; Patch; Third Party Advisory]
- https://www.debian.org/security/2023/dsa-5480
  Debian -- Security Information -- DSA-5480-1 linux [Third Party Advisory]
- https://www.spinics.net/lists/stable/msg671573.html
  [PATCH 6.4 090/239] netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID — Linux Stable Kernel Updates [Mailing List; Patch]
- https://access.redhat.com/errata/RHSA-2023:5091
  RHSA-2023:5091 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://www.debian.org/security/2023/dsa-5492
  Debian -- Security Information -- DSA-5492-1 linux [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:7411
  RHSA-2023:7411 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:5069
  RHSA-2023:5069 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:7382
  RHSA-2023:7382 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
  [SECURITY] [DLA 3623-1] linux-5.10 security update [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2023:5093
  RHSA-2023:5093 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
  kernel/git/torvalds/linux.git - Linux kernel source tree [Mailing List; Patch]
- https://access.redhat.com/errata/RHSA-2023:7389
  RHSA-2023:7389 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/security/cve/CVE-2023-4147
  CVE-2023-4147 - Red Hat Customer Portal [Patch; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20231020-0006/
  CVE-2023-4147 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]