{"id":"CVE-2023-3610","summary":"Use-after-free in Linux kernel's netfilter: nf_tables component","details":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nA flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. Triggering the vulnerability requires the CAP_NET_ADMIN capability.\n\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.","modified":"2026-05-28T03:53:37.999386407Z","published":"2023-07-21T20:48:13.121Z","related":["ALSA-2023:5069","ALSA-2023:5091","SUSE-SU-2023:3599-1","SUSE-SU-2023:3599-2","SUSE-SU-2023:3600-1","SUSE-SU-2023:3600-2","SUSE-SU-2023:3656-1","SUSE-SU-2023:3682-1","SUSE-SU-2023:3964-1","SUSE-SU-2023:3969-1","SUSE-SU-2023:3971-1","SUSE-SU-2023:3988-1","SUSE-SU-2023:4766-1","SUSE-SU-2023:4805-1","SUSE-SU-2023:4822-1","SUSE-SU-2023:4841-1","SUSE-SU-2023:4848-1","SUSE-SU-2023:4849-1","SUSE-SU-2023:4872-1","SUSE-SU-2024:3190-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3483-1"],"database_specific":{"cna_assigner":"Google","cwe_ids":["CWE-416"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3610.json"},"references":[{"type":"WEB","url":"https://git.kernel.org"},{"type":"WEB","url":"https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3610.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3610"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230818-0005/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5461"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795"}],"affected":[{"ranges":[{"type":"GIT",
"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"bbf5c979011a099af5dc76498918ed7df445635b"},{"fixed":"6995e2de6891c724bfeb2db33d7b87775f913ad1"}],"database_specific":{"extracted_events":[{"introduced":"5.9"},{"fixed":"6.4"}],"source":"AFFECTED_FIELD"}}],"versions":["v6.4-rc7","v6.4-rc1","v6.4-rc6","v6.4-rc5","v6.4-rc3","v6.4-rc4","v6.4-rc2","v6.3","v6.3-rc1","v6.3-rc7","v6.3-rc2","v6.3-rc3","v6.3-rc5","v6.3-rc6","v6.3-rc4","v6.2-rc6","v6.2-rc1","v6.2","v6.2-rc2","v6.2-rc8","v6.2-rc5","v6.2-rc4","v6.2-rc7","v6.2-rc3","v6.1-rc1","v6.1","v6.1-rc8","v6.1-rc3","v6.1-rc6","v6.1-rc7","v6.1-rc4","v6.1-rc2","v6.1-rc5","v6.0-rc1","v6.0","v6.0-rc7","v6.0-rc3","v6.0-rc2","v6.0-rc6","v6.0-rc4","v6.0-rc5","v5.19","v5.19-rc1","v5.19-rc5","v5.19-rc8","v5.19-rc6","v5.18","v5.19-rc2","v5.19-rc7","v5.19-rc3","v5.19-rc4","v5.18-rc1","v5.18-rc7","v5.18-rc2","v5.18-rc5","v5.17","v5.18-rc4","v5.18-rc3","v5.18-rc6","v5.17-rc6","v5.17-rc4","v5.17-rc8","v5.17-rc7","v5.17-rc1","v5.17-rc3","v5.17-rc2","v5.17-rc5","v5.16","v5.16-rc1","v5.16-rc8","v5.16-rc5","v5.16-rc6","v5.16-rc7","v5.16-rc3","v5.16-rc2","v5.16-rc4","v5.15","v5.15-rc2","v5.15-rc1","v5.15-rc4","v5.15-rc7","v5.15-rc3","v5.15-rc5","v5.15-rc6","v5.14","v5.14-rc3","v5.14-rc1","v5.14-rc2","v5.14-rc7","v5.14-rc6","v5.13-rc1","v5.14-rc5","v5.14-rc4","v5.13","v5.13-rc6","v5.13-rc7","v5.13-rc3","v5.13-rc2","v5.13-rc4","v5.13-rc5","v5.12","v5.12-rc2","v5.12-rc1-dontuse","v5.12-rc1","v5.12-rc8","v5.12-rc3","v5.12-rc7","v5.12-rc5","v5.12-rc6","v5.12-rc4","v5.10","v5.11","v5.11-rc3","v5.11-rc7","v5.11-rc6","v5.11-rc5","v5.11-rc1","v5.11-rc4","v5.11-rc2","v5.10-rc1","v5.10-rc7","v5.10-rc4","v5.10-rc3","v5.10-rc6","v5.9","v5.10-rc2","v5.10-rc5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3610.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}