← Back to CVE List

CVE-2023-3609

Published: 2023-07-21T21:15Z
Last Modified: 2025-02-13T17:16Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt