CVE-2023-3610: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's netfilter: nftables component (CVE-2023-3610). The vulnerability exists in the error handling of bound chains, specifically causing a use-after-free condition in the abort path of NFTMSGNEWRULE. The issue requires CAPNET_ADMIN privileges to be triggered and affects Linux kernel versions prior to 6.4 (NVD).

The vulnerability is rated with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The flaw specifically occurs in the chain binding transaction logic where there is an imbalance in the chain use refcount that triggers a WARN_ON on the table and chain destroy path. The issue also involves incorrect handling of nested chain bindings, which is not supported from userspace (Kernel Patch).

When successfully exploited, this vulnerability could lead to local privilege escalation, denial of service (DoS), or disclosure of sensitive information. The impact is particularly significant as it affects the netfilter subsystem, a core component of Linux networking (NetApp Advisory).

The vulnerability has been fixed in Linux kernel version 6.4 with commit 4bedf9eee016286c835e3d8fa981ddece5338795. Various distributions have released patches for their respective versions: Debian has fixed this in version 5.10.179-3 for the oldstable distribution (bullseye), and Ubuntu has released fixes for multiple kernel versions across different releases (Debian Security).