retired/CVE-2023-4207


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
References:
 https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec
Notes:
 carnil> CVE-2023-4207 is from Google CNA a subset of CVE-2023-4128
 carnil> assigned by RedHat CNA.
 carnil> For 6.4.y fixed in 6.4.10.
Bugs:
upstream: released (6.5-rc5) [76e42ae831991c828cffa8c37736ebfb831ad5ec]
6.1-upstream-stable: released (6.1.45) [7f691439b29be0aae68f83ad5eecfddc11007724]
5.10-upstream-stable: released (5.10.190) [a8d478200b104ff356f51e1f63499fe46ba8c9b8]
4.19-upstream-stable: released (4.19.295) [4f38dc8496d1991e2c055a0068dd98fb48affcc6]
sid: released (6.4.11-1)
6.1-bookworm-security: released (6.1.52-1)
5.10-bullseye-security: released (5.10.191-1)
4.19-buster-security: released (4.19.304-1)