The Common Vulnerabilities and Exposures (CVE) system has assigned the identifier CVE-2023-26545 to a security vulnerability in the Linux kernel. This critical issue affects Linux kernels before version 6.1.13 and is a double-free vulnerability in the net/mpls/af_mpls.c code path. This post gives an overview of the vulnerability, links to the original references, and details about the exploit.

Overview of the Vulnerability

A double-free vulnerability exists in the net/mpls/af_mpls.c file of the Linux kernel before version 6.1.13. The bug is reached when, during the renaming of a device, an allocation failure prevents the device's sysctl table from being registered under its new location. The resulting double free corrupts kernel memory, which can cause a denial of service or, in the worst case, enable privilege escalation.

Here is an example code snippet from the affected file net/mpls/af_mpls.c:

static int mpls_rename_sysctl(struct mpls_dev *mdev, const char *old_name,
			      const char *new_name)
...
	new_table = kmemdup(old_table, sizeof(*new_table), GFP_KERNEL);
...
error:
	kfree(new_path);
	return -ENOMEM;
}

As the snippet shows, when kmemdup() fails the error path calls kfree(new_path), and that free is what produces the double free.

Details of the Exploit

The core defect is a double free, which corrupts kernel memory. An attacker reaches it by causing the registration of the sysctl table to fail with an allocation error while a device is being renamed.

Exploiting this vulnerability may lead to a denial of service or even privilege escalation: an attacker who triggers the double free and then leverages the resulting memory corruption may gain control over the system.
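The failure sequence described in the Overview and in the Details section above, as an added example that is not code from the kernel or from this post: a user-space C model of a device rename in which re-registration of the sysctl table under the new name fails. The names mpls_dev_model, table_alloc, table_free, register_path, sysctl_register_vuln, sysctl_register_fixed and simulate_rename are assumptions for illustration only; a small fixed pool stands in for the kernel allocator so that a second free of the same block is counted rather than corrupting memory. The vulnerable function leaves the device's table pointer pointing at an already-freed table after the failed registration; the hardened function clears the pointer on its error path, which is the property a reviewer should check on any such failure path.

```c
/* Added example, not the kernel's own code: models the rename failure path
 * described in the advisory. All identifiers below are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 4

/* Stand-in for the registered sysctl table. */
struct sysctl_table {
    int live;        /* 1 while "allocated" */
    char path[32];   /* e.g. net/mpls/conf/<ifname> */
};

/* Stand-in for the per-device MPLS state that outlives a rename. */
struct mpls_dev_model {
    struct sysctl_table *sysctl;
};

/* Fixed pool instead of malloc/free: freeing a slot twice is detected and
 * counted, so the bug is observable without undefined behaviour. */
static struct sysctl_table pool[POOL_SIZE];
static int double_free_count;

static struct sysctl_table *table_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            return &pool[i];
        }
    }
    return NULL;
}

static void table_free(struct sysctl_table *t)
{
    if (!t)
        return;
    if (!t->live) {          /* slot already released: double free */
        double_free_count++;
        return;
    }
    t->live = 0;
}

/* Stand-in for registering the table under its path; the caller decides
 * whether registration under the new name fails. */
static int register_path(struct sysctl_table *t, const char *name, int fail)
{
    snprintf(t->path, sizeof(t->path), "net/mpls/conf/%s", name);
    return fail ? -1 : 0;
}

/* Releases the current table but, like the pattern in the advisory, does not
 * clear the pointer itself. */
static void sysctl_unregister(struct mpls_dev_model *dev)
{
    if (!dev->sysctl)
        return;
    table_free(dev->sysctl);
}

/* Vulnerable shape: on failure the new table is freed, but dev->sysctl still
 * points at the previous table that sysctl_unregister() already released. */
static int sysctl_register_vuln(struct mpls_dev_model *dev, const char *name, int fail)
{
    struct sysctl_table *t = table_alloc();
    if (!t)
        return -ENOBUFS;
    if (register_path(t, name, fail) < 0) {
        table_free(t);
        return -ENOBUFS;      /* stale pointer left behind */
    }
    dev->sysctl = t;
    return 0;
}

/* Hardened shape: every failure path clears dev->sysctl, so a later
 * unregister finds nothing to free. */
static int sysctl_register_fixed(struct mpls_dev_model *dev, const char *name, int fail)
{
    struct sysctl_table *t = table_alloc();
    if (!t) {
        dev->sysctl = NULL;
        return -ENOBUFS;
    }
    if (register_path(t, name, fail) < 0) {
        table_free(t);
        dev->sysctl = NULL;
        return -ENOBUFS;
    }
    dev->sysctl = t;
    return 0;
}

/* Device lifetime: register, rename (unregister old name, register new name,
 * which may fail), then removal. Returns the number of double frees seen. */
static int simulate_rename(int use_fixed, int rename_fails)
{
    struct mpls_dev_model dev = { 0 };
    int (*reg)(struct mpls_dev_model *, const char *, int) =
        use_fixed ? sysctl_register_fixed : sysctl_register_vuln;

    memset(pool, 0, sizeof(pool));
    double_free_count = 0;

    reg(&dev, "mpls0", 0);             /* device registered */
    sysctl_unregister(&dev);           /* rename step 1: drop old table */
    reg(&dev, "mpls1", rename_fails);  /* rename step 2: may fail */
    sysctl_unregister(&dev);           /* device removed */
    return double_free_count;
}

int main(void)
{
    printf("vulnerable, rename fails: %d double free(s)\n", simulate_rename(0, 1));
    printf("hardened,   rename fails: %d double free(s)\n", simulate_rename(1, 1));
    return 0;
}
```

Running the model reports one double free for the vulnerable shape and none for the hardened one; on a real kernel, a KASAN-enabled build is what turns the same pattern into a reported double-free rather than silent memory corruption.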

References

1. CVE-2023-26545: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26545
2. Linux Kernel Source Code: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
3. Linux Kernel Mailing List: https://lkml.org/lkml/2019/8/27/194

Mitigation

To protect your systems from this vulnerability, update the Linux kernel to version 6.1.13 or later, which contains the fix for this double free. Users who cannot upgrade their kernel should apply the backported patches or mitigations provided by their Linux distribution vendor.

Conclusion

CVE-2023-26545 is a critical vulnerability affecting the Linux kernel before version 6.1.13. By exploiting this double free in net/mpls/af_mpls.c, attackers can trigger memory corruption leading to a denial of service or, worse, privilege escalation. To protect your systems, update to a patched version of the Linux kernel or apply the appropriate mitigations from your Linux distribution.

Timeline

Published on: 02/25/2023 04:15:00 UTC
Last modified on: 05/03/2023 14:15:00 UTC