Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:246428
Version
1
Class
patch
ALTXid
475588
Language
English
Severity
Critical
Title
DLA-3710-1 -- linux security update
Description
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Family
unix
Platform
Debian 10
Product
linux
Reference
VENDOR: DLA-3710-1
Id:
DLA-3710-1
Reference:
https://lists.debian.org/debian-lts-announce/2024/debian-lts-announce-202401/msg00004.html
CVE: CVE-2021-44879
Id:
CVE-2021-44879
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44879
Comment: In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugzilla.kernel.org/show_bug.cgi?id=215231 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3 (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (MISC)
https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/ ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update ()
CVE: CVE-2023-0590
Id:
CVE-2023-0590
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0590
Comment: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") has not been applied yet, then the kernel could be affected.
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
416 (Use After Free)
References:
https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/ ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-1077
Id:
CVE-2023-1077
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1077
Comment: In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
https://security.netapp.com/advisory/ntap-20230511-0002/ (CONFIRM)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-1206
Id:
CVE-2023-1206
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1206
Comment: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
CVSSv3 Score:
5.7
Attack vector:
ADJACENT_NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2175903 (MISC)
DSA-5480 (DEBIAN)
DSA-5492 (DEBIAN)
https://security.netapp.com/advisory/ntap-20230929-0006/ (CONFIRM)
[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-1989
Id:
CVE-2023-1989
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1989
Comment: A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 (MISC)
[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update (MLIST)
https://security.netapp.com/advisory/ntap-20230601-0004/ (CONFIRM)
DSA-5492 (DEBIAN)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-3212
Id:
CVE-2023-3212
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3212
Comment: A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2214348 (MISC)
DSA-5448 (DEBIAN)
DSA-5480 (DEBIAN)
https://security.netapp.com/advisory/ntap-20230929-0005/ (CONFIRM)
[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update (MLIST)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-3390
Id:
CVE-2023-3390
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390
Comment: A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 (MISC)
https://www.debian.org/security/2023/dsa-5448 (MISC)
https://www.debian.org/security/2023/dsa-5461 (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html (MISC)
https://security.netapp.com/advisory/ntap-20230818-0004/ (MISC)
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-3609
Id:
CVE-2023-3609
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3609
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc (MISC)
https://security.netapp.com/advisory/ntap-20230818-0005/ (MISC)
https://www.debian.org/security/2023/dsa-5480 (MISC)
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-3611
Id:
CVE-2023-3611
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611
Comment: An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 (MISC)
https://www.debian.org/security/2023/dsa-5480 (MISC)
https://security.netapp.com/advisory/ntap-20230908-0002/ (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-3772
Id:
CVE-2023-3772
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3772
Comment: A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2218943 (MISC)
https://access.redhat.com/security/cve/CVE-2023-3772 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/10/1 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/10/3 (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
RHSA-2023:6583 ()
RHSA-2023:6901 ()
RHSA-2023:7077 ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
RHSA-2024:0412 ()
RHSA-2024:0575 ()
CVE: CVE-2023-3776
Id:
CVE-2023-3776
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f (MISC)
https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f (MISC)
https://www.debian.org/security/2023/dsa-5480 (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://security.netapp.com/advisory/ntap-20240202-0003/ ()
CVE: CVE-2023-4206
Id:
CVE-2023-4206
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4206
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (MISC)
https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4207
Id:
CVE-2023-4207
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4207
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec (MISC)
https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4208
Id:
CVE-2023-4208
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4208
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (MISC)
https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4244
Id:
CVE-2023-4244
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4244
Comment: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8 (MISC)
https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4622
Id:
CVE-2023-4622
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4622
Comment: A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c (MISC)
https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4623
Id:
CVE-2023-4623
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4623
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-4921
Id:
CVE-2023-4921
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4921
Comment: A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8 (MISC)
https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-5717
Id:
CVE-2023-5717
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5717
Comment: A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html ()
CVE: CVE-2023-6606
Id:
CVE-2023-6606
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606
Comment: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://access.redhat.com/security/cve/CVE-2023-6606 ()
https://bugzilla.kernel.org/show_bug.cgi?id=218218 ()
RHBZ#2253611 ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
RHSA-2024:0723 ()
RHSA-2024:0725 ()
RHSA-2024:0881 ()
RHSA-2024:0897 ()
RHSA-2024:1188 ()
RHSA-2024:1248 ()
RHSA-2024:1404 ()
CVE: CVE-2023-6931
Id:
CVE-2023-6931
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6931
Comment: A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b ()
https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html ()
CVE: CVE-2023-6932
Id:
CVE-2023-6932
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932
Comment: A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1 ()
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1 ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html ()
http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html ()
CVE: CVE-2023-25775
Id:
CVE-2023-25775
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775
Comment: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html (MISC)
https://security.netapp.com/advisory/ntap-20230915-0013/ (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html ()
CVE: CVE-2023-34319
Id:
CVE-2023-34319
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34319
Comment:
The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://xenbits.xenproject.org/xsa/advisory-432.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://security.netapp.com/advisory/ntap-20240202-0001/ ()
CVE: CVE-2023-34324
Id:
CVE-2023-34324
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34324
Comment:
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers from getting the lock).
CVSSv3 Score:
4.9
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
https://xenbits.xenproject.org/xsa/advisory-441.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html ()
CVE: CVE-2023-35001
Id:
CVE-2023-35001
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001
Comment:
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/ (MISC)
https://www.openwall.com/lists/oss-security/2023/07/05/3 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/05/3 (MISC)
https://www.debian.org/security/2023/dsa-5453 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/ (MISC)
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html (MISC)
https://security.netapp.com/advisory/ntap-20230824-0007/ (MISC)
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-39189
Id:
CVE-2023-39189
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39189
Comment:
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://access.redhat.com/security/cve/CVE-2023-39189 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2226777 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-39192
Id:
CVE-2023-39192
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39192
Comment:
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2226784 (MISC)
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/ (MISC)
https://access.redhat.com/security/cve/CVE-2023-39192 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-39193
Id:
CVE-2023-39193
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39193
Comment:
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2226787 (MISC)
https://access.redhat.com/security/cve/CVE-2023-39193 (MISC)
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/ (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-39194
Id:
CVE-2023-39194
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39194
Comment:
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2226788 (MISC)
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/ (MISC)
https://access.redhat.com/security/cve/CVE-2023-39194 (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-40283
Id:
CVE-2023-40283
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40283
Comment:
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 (MISC)
https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (MISC)
DSA-5480 (DEBIAN)
DSA-5492 (DEBIAN)
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (MISC)
[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update (MLIST)
https://security.netapp.com/advisory/ntap-20231020-0007/ (CONFIRM)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-42753
Id:
CVE-2023-42753
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42753
Comment:
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://access.redhat.com/security/cve/CVE-2023-42753 (MISC)
https://www.openwall.com/lists/oss-security/2023/09/22/10 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2239843 (MISC)
https://seclists.org/oss-sec/2023/q3/216 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
RHSA-2023:7379 ()
RHSA-2023:7370 ()
RHSA-2023:7382 ()
RHSA-2023:7389 ()
RHSA-2023:7411 ()
RHSA-2023:7418 ()
RHSA-2023:7539 ()
RHSA-2023:7558 ()
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
RHSA-2024:0089 ()
RHSA-2024:0113 ()
RHSA-2024:0134 ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
RHSA-2024:0340 ()
RHSA-2024:0346 ()
RHSA-2024:0347 ()
RHSA-2024:0371 ()
RHSA-2024:0376 ()
RHSA-2024:0378 ()
RHSA-2024:0402 ()
RHSA-2024:0403 ()
RHSA-2024:0412 ()
RHSA-2024:0461 ()
RHSA-2024:0562 ()
RHSA-2024:0563 ()
RHSA-2024:0593 ()
RHSA-2024:0999 ()
CVE: CVE-2023-42754
Id:
CVE-2023-42754
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754
Comment:
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://access.redhat.com/security/cve/CVE-2023-42754 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2239845 (MISC)
https://seclists.org/oss-sec/2023/q4/14 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/ (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-42755
Id:
CVE-2023-42755
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42755
Comment:
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://access.redhat.com/security/cve/CVE-2023-42755 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2239847 (MISC)
https://seclists.org/oss-sec/2023/q3/229 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-45863
Id:
CVE-2023-45863
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45863
Comment:
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
CVSSv3 Score:
6.4
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3 (MISC)
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update ()
CVE: CVE-2023-45871
Id:
CVE-2023-45871
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45871
Comment:
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
CVSSv3 Score:
7.5
Attack vector:
ADJACENT_NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
131 (Incorrect Calculation of Buffer Size)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f (MISC)
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3 (MISC)
https://security.netapp.com/advisory/ntap-20231110-0001/ ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
CVE: CVE-2023-51780
Id:
CVE-2023-51780
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51780
Comment:
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 ()
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update ()
https://security.netapp.com/advisory/ntap-20240419-0001/ ()
CVE: CVE-2023-51781
Id:
CVE-2023-51781
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51781
Comment:
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 ()
https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198 ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update ()
CVE: CVE-2023-51782
Id:
CVE-2023-51782
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51782
Comment:
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 ()
https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53 ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update ()
[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update ()