🔥CVE-2023-3390: UAF on Linux Netfilter nftables MFT_MSG_NEWRULE leads to LPE .
A UAF vulnerability was found in the Linux kernel’s Netfilter nf_tables subsystem . Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction, causing a UAF vulnerability. This flaw leads to LPE.
🔖Vulnerability and Exploit descriptions for CVE-2023-3390 here .
🔖Novel insights and exploit techniques
Affected kernel versions:
💾Linux version v.3.1-rc1 ~ v6.4-rc1 affects to this vulnerability
💾For LTS versions, lower versions of the versions below are affected by this vulnerability:
~ v6.1.35
~ v5.15.118
What do you think?
It is nice to know your opinion. Leave a comment.