VDB

DEBIAN-CVE-2023-4623

DEBIAN-CVE-2023-4623 PUBLISHED CVSS 7.800000190734863 HIGH

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:12linux6.1.38-4~bpo11+1, 6.1.52-1, 6.1.27-1
Debian:13linux0, 0, 0
Debian:14linux0, 0, 0
Debian:11linux5.10.113-1, 5.10.120-1, 5.10.120-1

Timeline

  • Sep 6, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›