CVE-2023-4206: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-4206) was discovered in the Linux kernel's net/sched: cls_route component. The vulnerability was disclosed on September 6, 2023, affecting Linux kernel versions up to (excluding) 6.5. The issue occurs in the route4_change() function when updating an existing filter, where improper handling of the tcf_result struct can lead to a use-after-free condition (NVD).

The vulnerability occurs when route4_change() is called on an existing filter, where the entire tcf_result struct is copied into the new instance of the filter. This causes an issue when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Commit).

The vulnerability can be exploited to achieve local privilege escalation. When successfully exploited, it could allow an attacker to gain elevated privileges on the system, potentially leading to unauthorized access to system resources, data theft, or system compromise (NVD).

The vulnerability has been fixed in Linux kernel commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. The fix involves no longer copying the tcf_result struct from the old filter during updates. Various Linux distributions have released patches, including Debian in version 6.1.52-1 and Red Hat in their security updates (Kernel Commit, Debian Advisory).