78%
18%
98%
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.
** REJECT ** DO NOT USE THIS CVE RECORD. Â ConsultIDs: CVE-2023-3390. Â Reason: This record is a duplicate of CVE-2023-3390. Â Notes: All CVE users should reference CVE-2023-3390 instead of this record. Â All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** Duplicate of CVE-2023-3390.
Rejected reason: Duplicate of CVE-2023-3390.
CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The following example demonstrates the weakness.
}free(buf3R2);The following code illustrates a use after free error:
}free(ptr);logError("operation aborted before commit", ptr);When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.
ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.
If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.