CVE-2023-1829 HIGH

CVE-2023-1829: Use-after-free in tcindex (traffic control index filter) in the Linux Kernel

Vendor Linux

Product Linux Kernel

Weakness CWE-416

Published April 12, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

Key dates

02Disclosure timeline

April 12, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1829 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/416.html

Related vulnerabilities

CVE-2023-1829: Use-after-free in tcindex (traffic control index filter) in the Linux Kernel

01Description

02Disclosure timeline

03References

04Related CVE