Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:221817
[Eng]
Version
1
Class
patch
ALTXid
447498
Language
Russian
Severity
High
Title
Обновление SUSE-SU-2023:3324-1 -- устранение уязвимостей в the Linux Kernel
Description
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.
Family
unix
Platform
SUSE Linux Enterprise Server 12
Product
Linux Kernel
Reference
VENDOR: SUSE-SU-2023:3324-1
VENDOR: SUSE-SU-2023:3324-1
Id:
SUSE-SU-2023:3324-1
Reference:
https://www.suse.com/support/update/announcement/2023/SUSE-SU-20233324-1/
CVE: CVE-2018-20784
CVE: CVE-2018-20784
Id:
CVE-2018-20784
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20784
Comment
: In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0 (MISC)
RHSA-2019:1959 (REDHAT)
RHSA-2019:1971 (REDHAT)
USN-4115-1 (UBUNTU)
USN-4118-1 (UBUNTU)
USN-4211-2 (UBUNTU)
USN-4211-1 (UBUNTU)
CVE: CVE-2018-3639
CVE: CVE-2018-3639
Id:
CVE-2018-3639
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
Comment
: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
TA18-141A (CERT)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html (CONFIRM)
https://www.synology.com/support/security/Synology_SA_18_23 (CONFIRM)
VU#180049 (CERT-VN)
USN-3655-2 (UBUNTU)
USN-3654-2 (UBUNTU)
USN-3654-1 (UBUNTU)
USN-3653-2 (UBUNTU)
USN-3653-1 (UBUNTU)
USN-3652-1 (UBUNTU)
USN-3651-1 (UBUNTU)
20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018 (CISCO)
https://support.citrix.com/article/CTX235225 (CONFIRM)
https://security.netapp.com/advisory/ntap-20180521-0001/ (CONFIRM)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012 (CONFIRM)
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability (CONFIRM)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 (MISC)
RHSA-2018:1660 (REDHAT)
RHSA-2018:1655 (REDHAT)
RHSA-2018:1647 (REDHAT)
RHSA-2018:1630 (REDHAT)
http://xenbits.xen.org/xsa/advisory-263.html (CONFIRM)
1040949 (SECTRACK)
http://support.lenovo.com/us/en/solutions/LEN-22133 (CONFIRM)
RHSA-2018:1690 (REDHAT)
RHSA-2018:1689 (REDHAT)
RHSA-2018:1688 (REDHAT)
RHSA-2018:1686 (REDHAT)
RHSA-2018:1676 (REDHAT)
RHSA-2018:1675 (REDHAT)
RHSA-2018:1674 (REDHAT)
RHSA-2018:1669 (REDHAT)
RHSA-2018:1668 (REDHAT)
RHSA-2018:1667 (REDHAT)
RHSA-2018:1666 (REDHAT)
RHSA-2018:1665 (REDHAT)
RHSA-2018:1664 (REDHAT)
RHSA-2018:1663 (REDHAT)
RHSA-2018:1662 (REDHAT)
RHSA-2018:1661 (REDHAT)
RHSA-2018:1659 (REDHAT)
RHSA-2018:1658 (REDHAT)
RHSA-2018:1657 (REDHAT)
RHSA-2018:1656 (REDHAT)
RHSA-2018:1654 (REDHAT)
RHSA-2018:1653 (REDHAT)
RHSA-2018:1652 (REDHAT)
RHSA-2018:1651 (REDHAT)
RHSA-2018:1650 (REDHAT)
RHSA-2018:1649 (REDHAT)
RHSA-2018:1648 (REDHAT)
RHSA-2018:1646 (REDHAT)
RHSA-2018:1645 (REDHAT)
RHSA-2018:1644 (REDHAT)
RHSA-2018:1643 (REDHAT)
RHSA-2018:1642 (REDHAT)
RHSA-2018:1636 (REDHAT)
RHSA-2018:1635 (REDHAT)
RHSA-2018:1633 (REDHAT)
RHSA-2018:1632 (REDHAT)
RHSA-2018:1629 (REDHAT)
104232 (BID)
44695 (EXPLOIT-DB)
RHSA-2018:1711 (REDHAT)
RHSA-2018:1710 (REDHAT)
RHSA-2018:1696 (REDHAT)
DSA-4210 (DEBIAN)
USN-3655-1 (UBUNTU)
RHSA-2018:1738 (REDHAT)
RHSA-2018:1737 (REDHAT)
RHSA-2018:1641 (REDHAT)
RHSA-2018:1640 (REDHAT)
RHSA-2018:1639 (REDHAT)
RHSA-2018:1638 (REDHAT)
RHSA-2018:1637 (REDHAT)
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html (CONFIRM)
USN-3680-1 (UBUNTU)
USN-3679-1 (UBUNTU)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us (CONFIRM)
RHSA-2018:1826 (REDHAT)
RHSA-2018:1854 (REDHAT)
RHSA-2018:2006 (REDHAT)
RHSA-2018:2003 (REDHAT)
RHSA-2018:2001 (REDHAT)
RHSA-2018:1997 (REDHAT)
RHSA-2018:1967 (REDHAT)
RHSA-2018:1965 (REDHAT)
RHSA-2018:2060 (REDHAT)
RHSA-2018:2164 (REDHAT)
RHSA-2018:2162 (REDHAT)
RHSA-2018:2161 (REDHAT)
RHSA-2018:2172 (REDHAT)
RHSA-2018:2171 (REDHAT)
RHSA-2018:2216 (REDHAT)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
RHSA-2018:2228 (REDHAT)
RHSA-2018:2250 (REDHAT)
RHSA-2018:2246 (REDHAT)
RHSA-2018:2258 (REDHAT)
[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update (MLIST)
RHSA-2018:2289 (REDHAT)
RHSA-2018:2328 (REDHAT)
RHSA-2018:2309 (REDHAT)
RHSA-2018:2364 (REDHAT)
RHSA-2018:2363 (REDHAT)
RHSA-2018:2396 (REDHAT)
RHSA-2018:2394 (REDHAT)
RHSA-2018:2387 (REDHAT)
DSA-4273 (DEBIAN)
USN-3756-1 (UBUNTU)
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf (CONFIRM)
[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update (MLIST)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004 (CONFIRM)
USN-3777-3 (UBUNTU)
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006 (CONFIRM)
RHSA-2018:3425 (REDHAT)
RHSA-2018:3424 (REDHAT)
RHSA-2018:3423 (REDHAT)
RHSA-2018:3407 (REDHAT)
RHSA-2018:3402 (REDHAT)
RHSA-2018:3401 (REDHAT)
RHSA-2018:3400 (REDHAT)
RHSA-2018:3399 (REDHAT)
RHSA-2018:3398 (REDHAT)
RHSA-2018:3397 (REDHAT)
RHSA-2018:3396 (REDHAT)
RHSA-2018:2948 (REDHAT)
1042004 (SECTRACK)
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (CONFIRM)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (CONFIRM)
RHSA-2019:0148 (REDHAT)
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf (CONFIRM)
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update (MLIST)
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update (MLIST)
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update (MLIST)
https://nvidia.custhelp.com/app/answers/detail/a_id/4787 (CONFIRM)
https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html (CONFIRM)
RHSA-2019:1046 (REDHAT)
openSUSE-SU-2019:1439 (SUSE)
openSUSE-SU-2019:1438 (SUSE)
20190624 [SECURITY] [DSA 4469-1] libvirt security update (BUGTRAQ)
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf (CONFIRM)
[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (MLIST)
[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (MLIST)
[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 (MLIST)
https://www.oracle.com/security-alerts/cpujul2020.html (MISC)
openSUSE-SU-2020:1325 (SUSE)
CVE: CVE-2022-40982
CVE: CVE-2022-40982
Id:
CVE-2022-40982
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
Comment
: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html (MISC)
https://downfall.page (MISC)
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/ (MISC)
https://access.redhat.com/solutions/7027704 (MISC)
https://xenbits.xen.org/xsa/advisory-435.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html (MISC)
https://security.netapp.com/advisory/ntap-20230811-0001/ (MISC)
https://www.debian.org/security/2023/dsa-5475 (MISC)
https://www.debian.org/security/2023/dsa-5474 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/ (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/ (MISC)
CVE: CVE-2023-0459
CVE: CVE-2023-0459
Id:
CVE-2023-0459
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0459
Comment
: Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
763 (Release of Invalid Pointer or Reference)
References:
https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c (MISC)
https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (MISC)
CVE: CVE-2023-1637
CVE: CVE-2023-1637
Id:
CVE-2023-1637
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1637
Comment
: A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
212 (Improper Cross-boundary Removal of Sensitive Data)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (MISC)
https://sourceware.org/bugzilla/show_bug.cgi?id=27398 (MISC)
CVE: CVE-2023-20569
CVE: CVE-2023-20569
Id:
CVE-2023-20569
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569
Comment
: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005 (MISC)
http://xenbits.xen.org/xsa/advisory-434.html (MISC)
http://www.openwall.com/lists/oss-security/2023/08/08/4 (MISC)
https://comsec.ethz.ch/research/microarch/inception/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/ (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html (MISC)
https://www.debian.org/security/2023/dsa-5475 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/ (MISC)
CVE: CVE-2023-20593
CVE: CVE-2023-20593
Id:
CVE-2023-20593
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593
Comment
: An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
CWE-Other ()
References:
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/24/3 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/6 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/5 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/1 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/17 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/12 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/16 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/15 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/14 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/25/13 (MISC)
http://seclists.org/fulldisclosure/2023/Jul/43 (MISC)
https://cmpxchg8b.com/zenbleed.html (MISC)
http://www.openwall.com/lists/oss-security/2023/07/26/1 (MISC)
http://xenbits.xen.org/xsa/advisory-433.html (MISC)
https://www.debian.org/security/2023/dsa-5459 (MISC)
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html (MISC)
https://www.debian.org/security/2023/dsa-5462 (MISC)
https://www.debian.org/security/2023/dsa-5461 (MISC)
https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html (MISC)
http://www.openwall.com/lists/oss-security/2023/07/31/2 (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/ (MISC)
http://www.openwall.com/lists/oss-security/2023/08/08/8 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/08/7 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/08/6 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/16/4 (MISC)
http://www.openwall.com/lists/oss-security/2023/08/16/5 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/ (MISC)
http://www.openwall.com/lists/oss-security/2023/09/22/9 (MISC)
http://www.openwall.com/lists/oss-security/2023/09/22/11 (MISC)
http://www.openwall.com/lists/oss-security/2023/09/25/4 (MISC)
http://www.openwall.com/lists/oss-security/2023/09/25/7 (MISC)
CVE: CVE-2023-2985
CVE: CVE-2023-2985
Id:
CVE-2023-2985
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2985
Comment
: A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32 (MISC)
CVE: CVE-2023-3106
CVE: CVE-2023-3106
Id:
CVE-2023-3106
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3106
Comment
: A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2221501 (MISC)
https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 (MISC)
https://access.redhat.com/security/cve/CVE-2023-3106 (MISC)
CVE: CVE-2023-3268
CVE: CVE-2023-3268
Id:
CVE-2023-3268
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3268
Comment
: An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
DSA-5448 (DEBIAN)
[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update (MLIST)
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1 (MISC)
DSA-5480 (DEBIAN)
https://security.netapp.com/advisory/ntap-20230824-0006/ (CONFIRM)
[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update (MLIST)
https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/ ()
CVE: CVE-2023-35001
CVE: CVE-2023-35001
Id:
CVE-2023-35001
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001
Comment
: Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/ (MISC)
https://www.openwall.com/lists/oss-security/2023/07/05/3 (MISC)
http://www.openwall.com/lists/oss-security/2023/07/05/3 (MISC)
https://www.debian.org/security/2023/dsa-5453 (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/ (MISC)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/ (MISC)
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html (MISC)
https://security.netapp.com/advisory/ntap-20230824-0007/ (MISC)
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-3567
CVE: CVE-2023-3567
Id:
CVE-2023-3567
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3567
Comment
: A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
416 (Use After Free)
References:
https://www.spinics.net/lists/stable-commits/msg285184.html (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=2221463 (MISC)
https://access.redhat.com/security/cve/CVE-2023-3567 (MISC)
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
RHSA-2024:0412 ()
RHSA-2024:0431 ()
RHSA-2024:0432 ()
RHSA-2024:0439 ()
RHSA-2024:0448 ()
RHSA-2024:0575 ()
RHSA-2024:2394 ()
CVE: CVE-2023-3611
CVE: CVE-2023-3611
Id:
CVE-2023-3611
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3611
Comment
: An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 (MISC)
https://www.debian.org/security/2023/dsa-5480 (MISC)
https://security.netapp.com/advisory/ntap-20230908-0002/ (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
CVE: CVE-2023-3776
CVE: CVE-2023-3776
Id:
CVE-2023-3776
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776
Comment
: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f (MISC)
https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f (MISC)
https://www.debian.org/security/2023/dsa-5480 (MISC)
https://www.debian.org/security/2023/dsa-5492 (MISC)
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (MISC)
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (MISC)
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html ()
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html ()
https://security.netapp.com/advisory/ntap-20240202-0003/ ()
Content available only for registered users!
ovaldb@altx-soft.com