A use-after-free vulnerability in... CVE-2023-4623

- AV AC AU C I A
发布: 2023-09-06
修订: 2024-08-26

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有12条受影响产品信息