Bug 1209634 (CVE-2023-1281) - VUL-0: CVE-2023-1281: kernel: use-after-free vulnerability inside the traffic control index filter (tcindex) allows Privilege Escalation
Status: RESOLVED FIXED
Alias: CVE-2023-1281
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/360924/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-1281:7.8:(AV:L...
Blocks: 1209683
Reported: 2023-03-23 08:00 UTC by Alexander Bergmann
Modified: 2024-06-25 17:33 UTC
Found By: Security Response Team
Description Alexander Bergmann 2023-03-23 08:00:51 UTC
CVE-2023-1281

Use After Free vulnerability in Linux kernel traffic control index filter
(tcindex) allows Privilege Escalation. The imperfect hash area can be updated
while packets are traversing, which will cause a use-after-free when
'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user
can use this vulnerability to elevate its privileges to root. This issue affects
Linux Kernel: from 4.14 before git commit
ee059170b1f7e94e55fa6cadee544e176a6e59c2.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1281
https://www.cve.org/CVERecord?id=CVE-2023-1281
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2
https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
Comment 2 Alexander Bergmann 2023-03-24 07:21:17 UTC
Whiteboard was updated: CVSSv3.1: 7.8
Comment 4 Michal Kubeček 2023-03-24 14:33:10 UTC
introduced      9b0d4446b569    4.14-rc1
fixed           ee059170b1f7    6.2

The offending commit was also backported to SLE15-SP1-LTSS and inherited by
SLE12-SP5 (but not the other 4.12 based branches).

The fix has now been submitted to all relevant branches:

stable          6.2     
SLE15-SP4       b3c3f7f9eef1    (merged)
cve/linux-5.3   97b3f9df8e15
SLE12-SP5       79d6cb4ebd55    (merged)
SLE15-SP1-LTSS  972d4ccee318

Based on CVSSv3.1 score, the fix was also submitted to SLE15-SP5-GA branch
(the commit id is the same as for SLE15-SP4).

The two 4.12 based branches were missing rcu_replace_pointer() macro
introduced in mainline 5.5-rc1. It felt safer to simply cherry pick the
mainline commit introducing it than to open code it or try to tweak the
fix to use rcu_swap_protected() instead. All our 5.3 based branches did
already have that commit.

Reassigning back to security team.
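
A simplified user-space model of the race described in this bug and of the replace-then-release pattern that rcu_replace_pointer() supports, added here as an illustration; it is not the kernel fix or code from this bug report. The struct names, the `alive` flag (standing in for a real free) and `run_scenario()` are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space stand-ins, not kernel code. "alive" replaces a real free() so
 * the stale access can be observed without undefined behaviour. */
struct exts   { int alive; int action; };
struct filter { unsigned key; struct exts *exts; struct filter *next; };
static struct exts *new_exts(int action)
{
    struct exts *e = calloc(1, sizeof(*e));
    e->alive = 1; e->action = action;
    return e;
}
static struct filter *new_filter(unsigned key, int action)
{
    struct filter *f = calloc(1, sizeof(*f));
    f->key = key; f->exts = new_exts(action);
    return f;
}
static void release(struct filter *f) { free(f->exts); free(f); }
/* Same contract as rcu_replace_pointer(): publish the new pointer and
 * return the old one so its release can be deferred. */
static struct filter *replace_pointer(struct filter **slot, struct filter *nf)
{
    struct filter *old = *slot;
    *slot = nf;
    return old;
}
/* Packet path: the action, or -1 if the exts were already destroyed. */
static int exec_exts(const struct exts *e) { return e->alive ? e->action : -1; }

/* safe == 0: update in place. safe == 1: replace the node, destroy later.
 * *fresh gets what a lookup started after the update would execute. */
static int run_scenario(int safe, int *fresh)
{
    struct filter *chain = new_filter(7, 100), *old = NULL;
    struct exts *seen = chain->exts;       /* reader is mid-traversal */
    int result;
    if (!safe) {
        seen->alive = 0;                   /* destroyed under the reader */
        chain->exts = new_exts(200);
    } else {
        struct filter *nf = new_filter(7, 200);
        nf->next = chain->next;            /* keep the rest of the chain */
        old = replace_pointer(&chain, nf); /* old node stays intact */
    }
    result = exec_exts(seen);              /* reader finishes */
    *fresh = exec_exts(chain->exts);
    if (old) release(old); else free(seen); /* old data released only now */
    release(chain);
    return result;
}
int main(void)
{
    int fresh, r = run_scenario(0, &fresh);
    printf("in place: reader=%d fresh=%d\n", r, fresh);
    r = run_scenario(1, &fresh);
    printf("replaced: reader=%d fresh=%d\n", r, fresh);
    return 0;
}
```

In the in-place case the reader that was already traversing hits destroyed data (-1); in the replace case it finishes on the intact old node while new lookups see the updated one.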
Comment 18 Maintenance Automation 2023-04-10 12:30:47 UTC
SUSE-SU-2023:1803-1: An update that solves 14 vulnerabilities, contains one feature and has 23 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1191924, 1193231, 1199837, 1203092, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208179, 1208599, 1208777, 1208850, 1209008, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_42-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.156.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Maintenance Automation 2023-04-10 12:31:14 UTC
SUSE-SU-2023:1800-1: An update that solves 20 vulnerabilities and has seven fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207185, 1207560, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_35-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Enterprise Storage 7 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1

Comment 20 Maintenance Automation 2023-04-10 12:31:42 UTC
SUSE-SU-2023:1802-1: An update that solves 11 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1637, CVE-2023-1652, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1

Comment 21 Maintenance Automation 2023-04-10 12:32:25 UTC
SUSE-SU-2023:1801-1: An update that solves 14 vulnerabilities, contains one feature and has 19 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1

Comment 22 Maintenance Automation 2023-04-11 12:30:30 UTC
SUSE-SU-2023:1811-1: An update that solves 20 vulnerabilities and has eight fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207560, 1208137, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778, 1209785
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_31-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1

Comment 28 Maintenance Automation 2023-04-14 16:30:50 UTC
SUSE-SU-2023:1848-1: An update that solves 15 vulnerabilities and has nine fixes can now be installed.

Category: security (important)
Bug References: 1076830, 1192273, 1194535, 1207036, 1207125, 1207168, 1207795, 1208179, 1208599, 1208777, 1208811, 1208850, 1209008, 1209052, 1209256, 1209289, 1209291, 1209532, 1209547, 1209549, 1209634, 1209778, 1209845, 1209887
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_39-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1

Comment 29 Maintenance Automation 2023-04-18 12:30:17 UTC
SUSE-SU-2023:1897-1: An update that solves 14 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
openSUSE Leap 15.4 (src): kernel-obs-build-5.14.21-150400.24.60.1, kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3, kernel-obs-qa-5.14.21-150400.24.60.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-obs-build-5.14.21-150400.24.60.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_11-1-150400.9.3.2

Comment 30 Maintenance Automation 2023-04-18 12:31:01 UTC
SUSE-SU-2023:1894-1: An update that solves 14 vulnerabilities and has 20 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142926, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207125, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209613, 1209634, 1209684, 1209687, 1209777, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.121.1, kernel-source-rt-4.12.14-10.121.1

Comment 31 Maintenance Automation 2023-04-18 12:31:13 UTC
SUSE-SU-2023:1892-1: An update that solves 16 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1208137, 1208598, 1208601, 1208787, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209778, 1209785
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1078, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-source-rt-5.3.18-150300.124.1, kernel-syms-rt-5.3.18-150300.124.1

Comment 34 Maintenance Automation 2023-04-25 12:30:13 UTC
SUSE-SU-2023:1992-1: An update that solves 14 vulnerabilities and has 26 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_6-1-150400.1.3.3
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1

Comment 37 Marcus Meissner 2023-09-04 15:40:41 UTC
done