CVE-2023-3390

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

History

27 Mar 2024, 14:11

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html - () http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html - Third Party Advisory, VDB Entry
References () https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html - () https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - () https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html - Third Party Advisory, VDB Entry
References () https://security.netapp.com/advisory/ntap-20230818-0004/ - () https://security.netapp.com/advisory/ntap-20230818-0004/ - Third Party Advisory
References () https://www.debian.org/security/2023/dsa-5461 - () https://www.debian.org/security/2023/dsa-5461 - Third Party Advisory
CPE cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
First Time Netapp h300s
Netapp
Netapp h700s
Netapp h410s
Netapp h410c
Netapp h500s

18 Aug 2023, 14:15

Type Values Removed Values Added
References
  • (MISC) https://security.netapp.com/advisory/ntap-20230818-0004/ -

02 Aug 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html -

30 Jul 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5461 -

06 Jul 2023, 21:32

Type Values Removed Values Added
CWE CWE-416
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References (MISC) https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 - (MISC) https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 - Patch
References (MISC) https://www.debian.org/security/2023/dsa-5448 - (MISC) https://www.debian.org/security/2023/dsa-5448 - Third Party Advisory
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 - Mailing List, Patch

06 Jul 2023, 04:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5448 -

29 Jun 2023, 15:35

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-28 21:15

Updated : 2024-03-27 14:11


NVD link : CVE-2023-3390

Mitre link : CVE-2023-3390

CVE.ORG link : CVE-2023-3390


JSON object : View

Products Affected

netapp

  • h300s
  • h410c
  • h500s
  • h700s
  • h410s

linux

  • linux_kernel
CWE
CWE-416

Use After Free