Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:217590
[Rus]
Version
1
Class
patch
ALTXid
440934
Language
English
Severity
High
Title
SUSE-SU-2023:2506-1 -- Security update for the Linux Kernel
Description
The SUSE Linux Enterprise 11 SP4 LTSS EXTREME CORE kernel was updated to receive various security and bugfixes.
Family
unix
Platform
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 LTSS
Product
Linux Kernel
Reference
VENDOR: SUSE-SU-2023:2506-1
VENDOR: SUSE-SU-2023:2506-1
Id:
SUSE-SU-2023:2506-1
Reference:
https://www.suse.com/support/update/announcement/2023/SUSE-SU-20232506-1/
CVE: CVE-2017-5753
CVE: CVE-2017-5753
Id:
CVE-2017-5753
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
Comment
: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://www.synology.com/support/security/Synology_SA_18_01 (CONFIRM)
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/ (CONFIRM)
https://support.lenovo.com/us/en/solutions/LEN-18282 (CONFIRM)
https://support.f5.com/csp/article/K91229003 (CONFIRM)
https://spectreattack.com/ (MISC)
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html (MISC)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (CONFIRM)
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html (MISC)
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ (CONFIRM)
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/ (CONFIRM)
https://access.redhat.com/security/vulnerabilities/speculativeexecution (CONFIRM)
http://xenbits.xen.org/xsa/advisory-254.html (CONFIRM)
1040071 (SECTRACK)
VU#584653 (CERT-VN)
http://nvidia.custhelp.com/app/answers/detail/a_id/4609 (CONFIRM)
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html (CONFIRM)
43427 (EXPLOIT-DB)
20180104 CPU Side-Channel Information Disclosure Vulnerabilities (CISCO)
https://support.citrix.com/article/CTX231399 (CONFIRM)
https://security.netapp.com/advisory/ntap-20180104-0001/ (CONFIRM)
102371 (BID)
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html (MISC)
http://nvidia.custhelp.com/app/answers/detail/a_id/4614 (CONFIRM)
http://nvidia.custhelp.com/app/answers/detail/a_id/4613 (CONFIRM)
http://nvidia.custhelp.com/app/answers/detail/a_id/4611 (CONFIRM)
openSUSE-SU-2018:0023 (SUSE)
openSUSE-SU-2018:0022 (SUSE)
SUSE-SU-2018:0012 (SUSE)
SUSE-SU-2018:0011 (SUSE)
SUSE-SU-2018:0010 (SUSE)
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us (CONFIRM)
USN-3516-1 (UBUNTU)
RHSA-2018:0292 (REDHAT)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt (CONFIRM)
USN-3597-2 (UBUNTU)
USN-3597-1 (UBUNTU)
USN-3580-1 (UBUNTU)
USN-3549-1 (UBUNTU)
USN-3542-1 (UBUNTU)
USN-3541-1 (UBUNTU)
USN-3540-1 (UBUNTU)
USN-3542-2 (UBUNTU)
USN-3541-2 (UBUNTU)
USN-3540-2 (UBUNTU)
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (CONFIRM)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
https://cert.vde.com/en-us/advisories/vde-2018-003 (CONFIRM)
https://cert.vde.com/en-us/advisories/vde-2018-002 (CONFIRM)
VU#180049 (CERT-VN)
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability (CONFIRM)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us (CONFIRM)
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001 (CONFIRM)
GLSA-201810-06 (GENTOO)
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes (CONFIRM)
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf (CONFIRM)
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update (MLIST)
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update (MLIST)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (MISC)
20190624 [SECURITY] [DSA 4469-1] libvirt security update (BUGTRAQ)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt (CONFIRM)
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf (CONFIRM)
https://cdrdv2.intel.com/v1/dl/getContent/685359 (CONFIRM)
CVE: CVE-2018-9517
CVE: CVE-2018-9517
Id:
CVE-2018-9517
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517
Comment
: In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://source.android.com/security/bulletin/pixel/2018-09-01 (CONFIRM)
USN-3932-2 (UBUNTU)
USN-3932-1 (UBUNTU)
RHSA-2019:2043 (REDHAT)
RHSA-2019:2029 (REDHAT)
CVE: CVE-2022-3567
CVE: CVE-2022-3567
Id:
CVE-2022-3567
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3567
Comment
: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.
CVSSv3 Score:
6.4
Attack vector:
ADJACENT_NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://vuldb.com/?id.211090 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6 (MISC)
CVE: CVE-2023-0590
CVE: CVE-2023-0590
Id:
CVE-2023-0590
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0590
Comment
: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
416 (Use After Free)
References:
https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/ ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-1118
CVE: CVE-2023-1118
Id:
CVE-2023-1118
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1118
Comment
: A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17 (MISC)
https://security.netapp.com/advisory/ntap-20230413-0003/ (CONFIRM)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
CVE: CVE-2023-1513
CVE: CVE-2023-1513
Id:
CVE-2023-1513
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1513
Comment
: A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE:
665 (Improper Initialization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2179892 (MISC)
https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952 (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org/ ()
CVE: CVE-2023-1670
CVE: CVE-2023-1670
Id:
CVE-2023-1670
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1670
Comment
: A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://security.netapp.com/advisory/ntap-20230526-0010/ (CONFIRM)
https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com/ ()
CVE: CVE-2023-1989
CVE: CVE-2023-1989
Id:
CVE-2023-1989
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
Comment
: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://security.netapp.com/advisory/ntap-20230601-0004/ (CONFIRM)
DSA-5492 (DEBIAN)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-2162
CVE: CVE-2023-2162
Id:
CVE-2023-2162
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2162
Comment
: A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
416 (Use After Free)
References:
https://www.spinics.net/lists/linux-scsi/msg181542.html (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
CVE: CVE-2023-23454
CVE: CVE-2023-23454
Id:
CVE-2023-23454
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23454
Comment
: cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12 (MISC)
https://www.openwall.com/lists/oss-security/2023/01/10/4 (MISC)
https://www.openwall.com/lists/oss-security/2023/01/10/1 (MISC)
DSA-5324 (DEBIAN)
[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
CVE: CVE-2023-23455
CVE: CVE-2023-23455
Id:
CVE-2023-23455
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23455
Comment
: atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b (MISC)
https://www.openwall.com/lists/oss-security/2023/01/10/4 (MISC)
https://www.openwall.com/lists/oss-security/2023/01/10/1 (MISC)
DSA-5324 (DEBIAN)
[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
CVE: CVE-2023-23559
CVE: CVE-2023-23559
Id:
CVE-2023-23559
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23559
Comment
: In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://security.netapp.com/advisory/ntap-20230302-0003/ (CONFIRM)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/ ()
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c ()
CVE: CVE-2023-28328
CVE: CVE-2023-28328
Id:
CVE-2023-28328
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28328
Comment
: A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2177389 (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
CVE: CVE-2023-32269
CVE: CVE-2023-32269
Id:
CVE-2023-32269
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32269
Comment
: An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.11 (MISC)
https://github.com/torvalds/linux/commit/611792920925fb088ddccbe2783c7f92fdfb6b64 (MISC)
Content available only for registered users!
ovaldb@altx-soft.com