A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Fixes

Solution

No solution given by the vendor.


Workaround

This flaw can be mitigated by preventing the affected netfilter kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.

References
Link Providers
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html cve-icon
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html cve-icon
https://access.redhat.com/errata/RHSA-2023:4961 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:4962 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:4967 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5069 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5091 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5093 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5221 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5244 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5255 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5548 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5627 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7382 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7389 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7411 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7417 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7431 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7434 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-4004 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2225275 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-4004 cve-icon
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/ cve-icon cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20231027-0001/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-4004 cve-icon
https://www.debian.org/security/2023/dsa-5480 cve-icon
https://www.debian.org/security/2023/dsa-5492 cve-icon
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T02:52:18.600Z

Reserved: 2023-07-30T11:58:17.241Z

Link: CVE-2023-4004

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-07-31T17:15:10.203

Modified: 2024-11-21T08:34:12.390

Link: CVE-2023-4004

cve-icon Redhat

Severity : Important

Publid Date: 2023-07-19T00:00:00Z

Links: CVE-2023-4004 - Bugzilla

cve-icon OpenCVE Enrichment

No data.