Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.The setsockopt TCP_ULP operation does not require any privilege.We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/b1nhack/CVE-2023-0461
- https://github.com/borzakovskiy/CoolSols
- https://github.com/c0debatya/CoolSols
- https://github.com/hheeyywweellccoommee/linux-4.19.72_CVE-2023-0461-ycnbd
- https://github.com/hshivhare67/kernel_v4.19.72_CVE-2023-0461
- https://github.com/nidhi7598/linux-4.19.72_CVE-2023-0461
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rockrid3r/CoolSols
- https://github.com/sysca11/CoolSols
- https://github.com/xairy/linux-kernel-exploitation