CVE-2023-4004
HIGHLinux Kernel >=5.6 <5.10.188 - Use-After-Free in netfilter nft_pipapo_remove
Title source: llmDescription
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
References (26)
Core 26
Core References
Mailing List, Patch, Third Party Advisory
https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5480
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231027-0001/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5492
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:4961
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:4962
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:4967
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5069
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5091
Broken Link, Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5093
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5221
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5244
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5255
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5548
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:5627
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7382
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7389
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7411
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7417
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7431
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7434
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4004
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2225275
Scores
CVSS v3
7.8
EPSS
0.0001
EPSS Percentile
3.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (11)
debian/debian_linux
10.0
debian/debian_linux
11.0
debian/debian_linux
12.0
fedoraproject/fedora
38
linux/linux_kernel
5.6 - 5.10.188
netapp/h300s
netapp/h410s
netapp/h500s
netapp/h700s
redhat/enterprise_linux
8.0
... and 1 more
Published
Jul 31, 2023
Tracked Since
Feb 18, 2026