CVE-2023-3777

Name: CVE-2023-3777
Creator: NVD / NIST
Published: 2023-09-06T14:15:10.86+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.41%

Last modified Jun 17, 2026

CVE-2023-3777 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.41%

33.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.9, < 5.10.188
Linux	Linux Kernel	>= 5.11, < 5.15.123
Linux	Linux Kernel	>= 5.16, < 6.1.42
Linux	Linux Kernel	>= 6.2, < 6.4.7
Debian	Debian Linux	12.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04
Canonical	Ubuntu Linux	20.04
Canonical	Ubuntu Linux	22.04

References

http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlThird Party Advisory, VDB Entry
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.htmlThird Party Advisory, VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8Issue Tracking, Mailing List, Patch, Vendor Advisory
https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8Patch, Vendor Advisory
https://www.debian.org/security/2023/dsa-5492Third Party Advisory
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlThird Party Advisory, VDB Entry
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.htmlThird Party Advisory, VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8Issue Tracking, Mailing List, Patch, Vendor Advisory
https://kernel.dance/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8Patch, Vendor Advisory
https://www.debian.org/security/2023/dsa-5492Third Party Advisory

Timeline

Published: Sep 6, 2023
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-3777?

How severe is CVE-2023-3777?

CVE-2023-3777 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2023-3777?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3777?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST