Advisory-EGI-SVG-2024-01
Permalink: /Advisory-EGI-SVG-2024-01
Use-after-free flaws were found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. These flaws allow a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. [R 1]
EGI SVG ID : EGI-SVG-2024-01
CVE ID : CVE-2023-4206, CVE-2023-4207, CVE-2023-4208
CVSS Score : 7.8 [R 1]
Sites are recommended to update relevant components as soon as possible, see references below, where patches are available.
A potential mitigation is to blacklist the cls_u32 module so that it is not loaded automatically. [R 1]
All relevant Linux versions appear to be affected, and most are patched.
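The following script is an added example and is not part of the EGI advisory or of any vendor tooling. It shows how a site can check whether the three classifier modules named above are currently loaded and whether modprobe.d already refuses them, and it writes a modprobe.d fragment that does. One practical detail the advisory's one-line mitigation does not spell out: a plain `blacklist` directive only stops alias-based autoloading, whereas the kernel requests a tc classifier module by its exact name when a filter of that type is configured, so an `install <module> /bin/false` line is what actually refuses the load; the check below therefore only counts `install` lines. The file paths are parameters so the functions can be exercised against constructed sample files; on a real host pass `/proc/modules` and `/etc/modprobe.d`. The fragment name `egi-svg-2024-01.conf` and the sample module listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the EGI advisory): check and apply the modprobe.d
# mitigation for the classifier modules named in EGI-SVG-2024-01.

# Modules named in the advisory.
CLS_MODULES="cls_fw cls_u32 cls_route"

# module_loaded MODULES_FILE MODULE
# Returns 0 if MODULE appears as a loaded module in a /proc/modules-style file
# (the module name is the first column).
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# module_denied CONF_DIR MODULE
# Returns 0 if some *.conf in CONF_DIR carries an "install MODULE /bin/false"
# (or /bin/true) line. A bare "blacklist" line is deliberately not counted:
# it only blocks alias-based autoloading, and the kernel asks for classifier
# modules by name.
module_denied() {
    dir=$1; mod=$2
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/(false|true)" "$f"; then
            return 0
        fi
    done
    return 1
}

# write_deny_conf CONF_DIR
# Writes a modprobe.d fragment (assumed name) refusing all three modules.
# Remove it again once the host runs a patched kernel and the classifiers
# are needed.
write_deny_conf() {
    out="$1/egi-svg-2024-01.conf"
    {
        echo "# Mitigation for EGI-SVG-2024-01 (CVE-2023-4206/4207/4208):"
        echo "# refuse the affected tc classifiers until the kernel is patched."
        for m in $CLS_MODULES; do
            echo "install $m /bin/false"
            echo "blacklist $m"
        done
    } > "$out"
    echo "$out"
}

# report MODULES_FILE CONF_DIR
# Prints one status line per module; returns 0 only if every module is both
# not loaded and refused by modprobe.d.
report() {
    ok=0
    for m in $CLS_MODULES; do
        loaded=no; denied=no
        module_loaded "$1" "$m" && loaded=yes
        module_denied "$2" "$m" && denied=yes
        echo "$m: loaded=$loaded denied=$denied"
        [ "$loaded" = no ] && [ "$denied" = yes ] || ok=1
    done
    return $ok
}

# --- constructed sample data so the script runs offline ---
demo_dir=$(mktemp -d)
# A /proc/modules-style listing in which cls_u32 is currently loaded.
printf 'cls_u32 20480 1 - Live 0x0000000000000000\nsch_htb 28672 2 - Live 0x0000000000000000\n' > "$demo_dir/modules"
mkdir -p "$demo_dir/modprobe.d"
# An existing fragment that only blacklists: not sufficient on its own.
echo "blacklist cls_u32" > "$demo_dir/modprobe.d/old.conf"

report "$demo_dir/modules" "$demo_dir/modprobe.d" || echo "-> not fully mitigated"
write_deny_conf "$demo_dir/modprobe.d" >/dev/null
report "$demo_dir/modules" "$demo_dir/modprobe.d" || echo "-> cls_u32 still loaded: unload it (rmmod) or reboot"
```

The second report still fails in the demo because the sample listing has cls_u32 loaded; the modprobe.d fragment only prevents future loads, so an already-loaded module has to be unloaded or the host rebooted into a patched kernel.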
TLP:CLEAR information - Unlimited distribution
https://advisories.egi.eu/Advisory-EGI-SVG-2024-01
https://advisories.egi.eu/Advisory-SVG-CVE-2023-4206
https://advisories.egi.eu/Advisory-SVG-CVE-2023-4207
https://advisories.egi.eu/Advisory-SVG-CVE-2023-4208
Minor updates may be made without re-distribution to the sites.
Comments or questions should be sent to svg-rat at mailman.egi.eu
Vulnerabilities relevant for EGI can be reported at report-vulnerability at egi.eu
(see [R 99] for further details, and other information on SVG)
[R 4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4206
[R 8] https://security-tracker.debian.org/tracker/CVE-2023-4206
[R 10] https://errata.build.resf.org/ (RockyLinux)
[R 11] https://errata.almalinux.org/ (AlmaLinux)
[R 99] https://confluence.egi.eu/display/EGIBG/SVG+Advisories