cls_tcindex traffic-control UAF (CVE-2023-1829)¶
Aynı bug/CVE: bkz. canonical not net/sched cls_tcindex UAF (CVE-2023-1829).
Mechanism¶
Bu not, tcindex perfect-hash path'inin filter'ı deactivate etmeden exts->actions'ı free etmesinden doğan double-free/UAF'ı (CVE-2023-1829) anlatır — tam açıklama canonical not'ta: net/sched cls_tcindex UAF (CVE-2023-1829).
Walkthrough¶
Tam walkthrough canonical not'ta: net/sched cls_tcindex UAF.