{"id":"CVE-2023-3777","details":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.","modified":"2026-03-13T07:40:10.169214Z","published":"2023-09-06T14:15:10.860Z","related":["SUSE-SU-2023:4345-1","SUSE-SU-2023:4348-1","SUSE-SU-2023:4351-1","SUSE-SU-2023:4358-1","SUSE-SU-2023:4375-1","SUSE-SU-2023:4378-1","SUSE-SU-2023:4414-1","SUSE-SU-2023:4732-1","SUSE-SU-2023:4766-1","SUSE-SU-2023:4775-1","SUSE-SU-2023:4776-1","SUSE-SU-2023:4781-1","SUSE-SU-2023:4801-1","SUSE-SU-2023:4805-1","SUSE-SU-2023:4817-1","SUSE-SU-2023:4820-1","SUSE-SU-2023:4822-1","SUSE-SU-2023:4836-1","SUSE-SU-2023:4839-1","SUSE-SU-2023:4841-1","SUSE-SU-2023:4848-1","SUSE-SU-2023:4849-1","SUSE-SU-2023:4862-1","SUSE-SU-2023:4863-1","SUSE-SU-2023:4867-1","SUSE-SU-2023:4871-1","SUSE-SU-2023:4872-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5492"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8"},{"type":"FIX","url":"https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3777.json","unresolved_ranges":[{"events":[{"introduced":"5.9"},{"fixed":"5.10.188"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.123"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.42"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.4.7"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"22.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}