AZL-34865

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34865.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-34865

Upstream

CVE-2023-6111

Published

2023-11-14T14:15:29Z

Modified

2026-04-21T04:27:30.966857Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-6111 affecting package kernel for versions less than 6.6.29.1-4

Details

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nfttransgccatchall did not remove the catchall set element from the catchalllist when the argument sync is true, making it possible to free a catchall set element many times.

We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6111

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.29.1-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34865.json"