Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-31248 CVSS:7.8

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an nf_tables use-after-free when using nft_chain_lookup_byid. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-3269 CVSS:8.4

Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the handling of stack expansion in the memory management subsystem. An attacker could exploit this vulnerability to compromise the kernel and gain elevated privileges on the system.

CVE-2023-35001 CVSS:7.8

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an nf_tables nft_byteorder_eval out-of-bounds read/write. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-31248
  • CVE-2023-3269
  • CVE-2023-35001

Affected Vendors

Linux

Affected Products

  • Linux Kernel

Remediation

Upgrade to the latest version of Linux Kernel, available from the Kernel Website. 

Kernel Website