Use After Free Affecting kernel-rt-devel package, versions <0:3.10.0-1160.105.1.rt56.1256.el7


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.56% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-KERNELRTDEVEL-5890456
  • published7 Sept 2023
  • disclosed29 Jul 2023

Introduced: 29 Jul 2023

CVE-2023-4206  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Centos:7 kernel-rt-devel to version 0:3.10.0-1160.105.1.rt56.1256.el7 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-devel package and not the kernel-rt-devel package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.

When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.

We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.

CVSS Base Scores

version 3.1