Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2023-4004

Disclosure Date: July 31, 2023 •

CVE-2023-4004 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A use-after-free flaw was found in the Linux kernel’s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

OS

Unknown

Vulnerable Versions

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8.2 Advanced Update Support not down converted

Red Hat Enterprise Linux 8.2 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.2 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support not down converted

Red Hat Enterprise Linux 8.4 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.4 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.6 Extended Update Support not down converted

Red Hat Enterprise Linux 8.6 Extended Update Support not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 6 not down converted

Red Hat Enterprise Linux 7 not down converted

Red Hat Enterprise Linux 7 not down converted

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Products

References

Canonical

CVE-2023-4004 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004)

Miscellaneous

https://access.redhat.com/security/cve/CVE-2023-4004

https://bugzilla.redhat.com/show_bug.cgi?id=2225275

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/

https://www.debian.org/security/2023/dsa-5480

https://access.redhat.com/errata/RHSA-2023:4961

https://access.redhat.com/errata/RHSA-2023:4962

https://access.redhat.com/errata/RHSA-2023:4967

https://www.debian.org/security/2023/dsa-5492

https://access.redhat.com/errata/RHSA-2023:5069

https://access.redhat.com/errata/RHSA-2023:5091

https://access.redhat.com/errata/RHSA-2023:5093

https://access.redhat.com/errata/RHSA-2023:5221

https://access.redhat.com/errata/RHSA-2023:5244

https://access.redhat.com/errata/RHSA-2023:5255

https://access.redhat.com/errata/RHSA-2023:5548

https://access.redhat.com/errata/RHSA-2023:5627

http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

https://security.netapp.com/advisory/ntap-20231027-0001/

https://access.redhat.com/errata/RHSA-2023:7382

https://access.redhat.com/errata/RHSA-2023:7389

https://access.redhat.com/errata/RHSA-2023:7411

https://access.redhat.com/errata/RHSA-2023:7417

https://access.redhat.com/errata/RHSA-2023:7431

https://access.redhat.com/errata/RHSA-2023:7434

http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html

Rapid7

Technical Analysis