{"id":"CVE-2023-5197","details":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\n\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.","modified":"2026-03-13T07:47:49.817545Z","published":"2023-09-27T15:19:43.110Z","related":["MGASA-2023-0295","MGASA-2023-0296","SUSE-SU-2024:0855-1","SUSE-SU-2024:0858-1","SUSE-SU-2024:0900-1","SUSE-SU-2024:0900-2","SUSE-SU-2024:0910-1","SUSE-SU-2024:0977-1","USN-6454-1","USN-6454-2","USN-6454-3","USN-6454-4"],"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f15f29fd4779be8a418b66e9d52979bb6d6c2325"},{"type":"FIX","url":"https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"5.9.0"},{"fixed":"5.10.198"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.134"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.56"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.5.6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"}]}