CVE-2023-4147 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2023-4147?

CVE-2023-4147 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-4147?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Real Time.

Vulnerability Description

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.9, < 5.10.190
Fedoraproject	Fedora	38
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux For Real Time	9.0
Redhat	Enterprise Linux For Real Time For Nfv	9.0
Redhat	Enterprise Linux Server Aus	9.2
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-416

References

https://access.redhat.com/errata/RHSA-2023:5069Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5091Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7411Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4147PatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2225239Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0eMailing ListPatch
https://www.spinics.net/lists/stable/msg671573.htmlMailing ListPatch
https://access.redhat.com/errata/RHSA-2023:5069Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5091Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5093Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7382Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7389Third Party Advisory

FAQ

What is CVE-2023-4147?

CVE-2023-4147 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the sys...

How severe is CVE-2023-4147?

CVE-2023-4147 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4147?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Real Time.