CVE-2023-0461: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-0461 is a use-after-free vulnerability discovered in the Linux Kernel's TLS protocol functionality. The vulnerability was reported by "slipper" and disclosed in January 2023. The issue affects Linux Kernel versions prior to 6.2-rc3 when kernel configuration flag CONFIGTLS or CONFIGXFRM_ESPINTCP is enabled (CVE Mitre, NVD).

The vulnerability stems from a use-after-free bug in the icskulpdata of a struct inetconnectionsock. When CONFIGTLS is enabled, users can install a tls context (struct tlscontext) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and becomes vulnerable. The setsockopt TCP_ULP operation does not require any privilege (Kernel Git).

The vulnerability can be exploited to achieve local privilege escalation. When successfully exploited, it could lead to denial of service (system crash or memory corruption) or possibly allow execution of arbitrary code with elevated privileges (Ubuntu Security, NetApp Security).

The vulnerability was fixed in Linux kernel commit 2c02d41d71f90a5168391b6a5f2954112ba2307c. Various Linux distributions have released patches to address this vulnerability. For systems where immediate patching is not possible, the main mitigation is ensuring that CONFIGTLS and CONFIGXFRM_ESPINTCP are not enabled in the kernel configuration (Debian Security).