Announcing new releases Alpha 3850.0.0, Beta 3815.1.0, Stable 3760.2.0

Flatcar Container Linux User
Jan 18, 2024, 12:36:05 PM
to Flatcar Container Linux User

Hello,
We are pleased to announce new Flatcar Container Linux releases for the
Alpha, Beta, and Stable channels.

Alpha 3850.0.0

*Changes since Alpha 3815.0.0*

Security fixes:

- Linux (CVE-2022-27672 <https://nvd.nist.gov/vuln/detail/CVE-2022-27672>,
CVE-2022-40982 <https://nvd.nist.gov/vuln/detail/CVE-2022-40982>,
CVE-2022-4269 <https://nvd.nist.gov/vuln/detail/CVE-2022-4269>,
CVE-2022-45886 <https://nvd.nist.gov/vuln/detail/CVE-2022-45886>,
CVE-2022-45887 <https://nvd.nist.gov/vuln/detail/CVE-2022-45887>,
CVE-2022-45919 <https://nvd.nist.gov/vuln/detail/CVE-2022-45919>,
CVE-2022-48425 <https://nvd.nist.gov/vuln/detail/CVE-2022-48425>,
CVE-2023-0160 <https://nvd.nist.gov/vuln/detail/CVE-2023-0160>,
CVE-2023-0459 <https://nvd.nist.gov/vuln/detail/CVE-2023-0459>,
CVE-2023-1032 <https://nvd.nist.gov/vuln/detail/CVE-2023-1032>,
CVE-2023-1076 <https://nvd.nist.gov/vuln/detail/CVE-2023-1076>,
CVE-2023-1077 <https://nvd.nist.gov/vuln/detail/CVE-2023-1077>,
CVE-2023-1079 <https://nvd.nist.gov/vuln/detail/CVE-2023-1079>,
CVE-2023-1118 <https://nvd.nist.gov/vuln/detail/CVE-2023-1118>,
CVE-2023-1192 <https://nvd.nist.gov/vuln/detail/CVE-2023-1192>,
CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193>,
CVE-2023-1194 <https://nvd.nist.gov/vuln/detail/CVE-2023-1194>,
CVE-2023-1206 <https://nvd.nist.gov/vuln/detail/CVE-2023-1206>,
CVE-2023-1281 <https://nvd.nist.gov/vuln/detail/CVE-2023-1281>,
CVE-2023-1380 <https://nvd.nist.gov/vuln/detail/CVE-2023-1380>,
CVE-2023-1513 <https://nvd.nist.gov/vuln/detail/CVE-2023-1513>,
CVE-2023-1583 <https://nvd.nist.gov/vuln/detail/CVE-2023-1583>,
CVE-2023-1611 <https://nvd.nist.gov/vuln/detail/CVE-2023-1611>,
CVE-2023-1670 <https://nvd.nist.gov/vuln/detail/CVE-2023-1670>,
CVE-2023-1829 <https://nvd.nist.gov/vuln/detail/CVE-2023-1829>,
CVE-2023-1855 <https://nvd.nist.gov/vuln/detail/CVE-2023-1855>,
CVE-2023-1859 <https://nvd.nist.gov/vuln/detail/CVE-2023-1859>,
CVE-2023-1989 <https://nvd.nist.gov/vuln/detail/CVE-2023-1989>,
CVE-2023-1990 <https://nvd.nist.gov/vuln/detail/CVE-2023-1990>,
CVE-2023-1998 <https://nvd.nist.gov/vuln/detail/CVE-2023-1998>,
CVE-2023-2002 <https://nvd.nist.gov/vuln/detail/CVE-2023-2002>,
CVE-2023-20569 <https://nvd.nist.gov/vuln/detail/CVE-2023-20569>,
CVE-2023-20588 <https://nvd.nist.gov/vuln/detail/CVE-2023-20588>,
CVE-2023-20593 <https://nvd.nist.gov/vuln/detail/CVE-2023-20593>,
CVE-2023-2124 <https://nvd.nist.gov/vuln/detail/CVE-2023-2124>,
CVE-2023-21255 <https://nvd.nist.gov/vuln/detail/CVE-2023-21255>,
CVE-2023-21264 <https://nvd.nist.gov/vuln/detail/CVE-2023-21264>,
CVE-2023-2156 <https://nvd.nist.gov/vuln/detail/CVE-2023-2156>,
CVE-2023-2163 <https://nvd.nist.gov/vuln/detail/CVE-2023-2163>,
CVE-2023-2194 <https://nvd.nist.gov/vuln/detail/CVE-2023-2194>,
CVE-2023-2235 <https://nvd.nist.gov/vuln/detail/CVE-2023-2235>,
CVE-2023-2269 <https://nvd.nist.gov/vuln/detail/CVE-2023-2269>,
CVE-2023-25012 <https://nvd.nist.gov/vuln/detail/CVE-2023-25012>,
CVE-2023-25775 <https://nvd.nist.gov/vuln/detail/CVE-2023-25775>,
CVE-2023-2598 <https://nvd.nist.gov/vuln/detail/CVE-2023-2598>,
CVE-2023-26545 <https://nvd.nist.gov/vuln/detail/CVE-2023-26545>,
CVE-2023-28466 <https://nvd.nist.gov/vuln/detail/CVE-2023-28466>,
CVE-2023-28866 <https://nvd.nist.gov/vuln/detail/CVE-2023-28866>,
CVE-2023-2898 <https://nvd.nist.gov/vuln/detail/CVE-2023-2898>,
CVE-2023-2985 <https://nvd.nist.gov/vuln/detail/CVE-2023-2985>,
CVE-2023-30456 <https://nvd.nist.gov/vuln/detail/CVE-2023-30456>,
CVE-2023-30772 <https://nvd.nist.gov/vuln/detail/CVE-2023-30772>,
CVE-2023-3090 <https://nvd.nist.gov/vuln/detail/CVE-2023-3090>,
CVE-2023-31085 <https://nvd.nist.gov/vuln/detail/CVE-2023-31085>,
CVE-2023-31248 <https://nvd.nist.gov/vuln/detail/CVE-2023-31248>,
CVE-2023-3141 <https://nvd.nist.gov/vuln/detail/CVE-2023-3141>,
CVE-2023-31436 <https://nvd.nist.gov/vuln/detail/CVE-2023-31436>,
CVE-2023-3212 <https://nvd.nist.gov/vuln/detail/CVE-2023-3212>,
CVE-2023-3220 <https://nvd.nist.gov/vuln/detail/CVE-2023-3220>,
CVE-2023-32233 <https://nvd.nist.gov/vuln/detail/CVE-2023-32233>,
CVE-2023-32247 <https://nvd.nist.gov/vuln/detail/CVE-2023-32247>,
CVE-2023-32248 <https://nvd.nist.gov/vuln/detail/CVE-2023-32248>,
CVE-2023-32250 <https://nvd.nist.gov/vuln/detail/CVE-2023-32250>,
CVE-2023-32252 <https://nvd.nist.gov/vuln/detail/CVE-2023-32252>,
CVE-2023-32254 <https://nvd.nist.gov/vuln/detail/CVE-2023-32254>,
CVE-2023-32257 <https://nvd.nist.gov/vuln/detail/CVE-2023-32257>,
CVE-2023-32258 <https://nvd.nist.gov/vuln/detail/CVE-2023-32258>,
CVE-2023-3268 <https://nvd.nist.gov/vuln/detail/CVE-2023-3268>,
CVE-2023-3269 <https://nvd.nist.gov/vuln/detail/CVE-2023-3269>,
CVE-2023-3312 <https://nvd.nist.gov/vuln/detail/CVE-2023-3312>,
CVE-2023-3317 <https://nvd.nist.gov/vuln/detail/CVE-2023-3317>,
CVE-2023-33203 <https://nvd.nist.gov/vuln/detail/CVE-2023-33203>,
CVE-2023-33250 <https://nvd.nist.gov/vuln/detail/CVE-2023-33250>,
CVE-2023-33288 <https://nvd.nist.gov/vuln/detail/CVE-2023-33288>,
CVE-2023-3355 <https://nvd.nist.gov/vuln/detail/CVE-2023-3355>,
CVE-2023-3390 <https://nvd.nist.gov/vuln/detail/CVE-2023-3390>,
CVE-2023-33951 <https://nvd.nist.gov/vuln/detail/CVE-2023-33951>,
CVE-2023-33952 <https://nvd.nist.gov/vuln/detail/CVE-2023-33952>,
CVE-2023-34256 <https://nvd.nist.gov/vuln/detail/CVE-2023-34256>,
CVE-2023-34319 <https://nvd.nist.gov/vuln/detail/CVE-2023-34319>,
CVE-2023-34324 <https://nvd.nist.gov/vuln/detail/CVE-2023-34324>,
CVE-2023-35001 <https://nvd.nist.gov/vuln/detail/CVE-2023-35001>,
CVE-2023-35788 <https://nvd.nist.gov/vuln/detail/CVE-2023-35788>,
CVE-2023-35823 <https://nvd.nist.gov/vuln/detail/CVE-2023-35823>,
CVE-2023-35824 <https://nvd.nist.gov/vuln/detail/CVE-2023-35824>,
CVE-2023-35826 <https://nvd.nist.gov/vuln/detail/CVE-2023-35826>,
CVE-2023-35827 <https://nvd.nist.gov/vuln/detail/CVE-2023-35827>,
CVE-2023-35828 <https://nvd.nist.gov/vuln/detail/CVE-2023-35828>,
CVE-2023-35829 <https://nvd.nist.gov/vuln/detail/CVE-2023-35829>,
CVE-2023-3609 <https://nvd.nist.gov/vuln/detail/CVE-2023-3609>,
CVE-2023-3610 <https://nvd.nist.gov/vuln/detail/CVE-2023-3610>,
CVE-2023-3611 <https://nvd.nist.gov/vuln/detail/CVE-2023-3611>,
CVE-2023-37453 <https://nvd.nist.gov/vuln/detail/CVE-2023-37453>,
CVE-2023-3772 <https://nvd.nist.gov/vuln/detail/CVE-2023-3772>,
CVE-2023-3773 <https://nvd.nist.gov/vuln/detail/CVE-2023-3773>,
CVE-2023-3776 <https://nvd.nist.gov/vuln/detail/CVE-2023-3776>,
CVE-2023-3777 <https://nvd.nist.gov/vuln/detail/CVE-2023-3777>,
CVE-2023-38409 <https://nvd.nist.gov/vuln/detail/CVE-2023-38409>,
CVE-2023-38426 <https://nvd.nist.gov/vuln/detail/CVE-2023-38426>,
CVE-2023-38427 <https://nvd.nist.gov/vuln/detail/CVE-2023-38427>,
CVE-2023-38428 <https://nvd.nist.gov/vuln/detail/CVE-2023-38428>,
CVE-2023-38429 <https://nvd.nist.gov/vuln/detail/CVE-2023-38429>,
CVE-2023-38430 <https://nvd.nist.gov/vuln/detail/CVE-2023-38430>,
CVE-2023-38431 <https://nvd.nist.gov/vuln/detail/CVE-2023-38431>,
CVE-2023-38432 <https://nvd.nist.gov/vuln/detail/CVE-2023-38432>,
CVE-2023-3863 <https://nvd.nist.gov/vuln/detail/CVE-2023-3863>,
CVE-2023-3865 <https://nvd.nist.gov/vuln/detail/CVE-2023-3865>,
CVE-2023-3866 <https://nvd.nist.gov/vuln/detail/CVE-2023-3866>,
CVE-2023-3867 <https://nvd.nist.gov/vuln/detail/CVE-2023-3867>,
CVE-2023-39189 <https://nvd.nist.gov/vuln/detail/CVE-2023-39189>,
CVE-2023-39191 <https://nvd.nist.gov/vuln/detail/CVE-2023-39191>,
CVE-2023-39192 <https://nvd.nist.gov/vuln/detail/CVE-2023-39192>,
CVE-2023-39193 <https://nvd.nist.gov/vuln/detail/CVE-2023-39193>,
CVE-2023-39194 <https://nvd.nist.gov/vuln/detail/CVE-2023-39194>,
CVE-2023-39197 <https://nvd.nist.gov/vuln/detail/CVE-2023-39197>,
CVE-2023-39198 <https://nvd.nist.gov/vuln/detail/CVE-2023-39198>,
CVE-2023-4004 <https://nvd.nist.gov/vuln/detail/CVE-2023-4004>,
CVE-2023-4015 <https://nvd.nist.gov/vuln/detail/CVE-2023-4015>,
CVE-2023-40283 <https://nvd.nist.gov/vuln/detail/CVE-2023-40283>,
CVE-2023-40791 <https://nvd.nist.gov/vuln/detail/CVE-2023-40791>,
CVE-2023-4132 <https://nvd.nist.gov/vuln/detail/CVE-2023-4132>,
CVE-2023-4133 <https://nvd.nist.gov/vuln/detail/CVE-2023-4133>,
CVE-2023-4134 <https://nvd.nist.gov/vuln/detail/CVE-2023-4134>,
CVE-2023-4147 <https://nvd.nist.gov/vuln/detail/CVE-2023-4147>,
CVE-2023-4155 <https://nvd.nist.gov/vuln/detail/CVE-2023-4155>,
CVE-2023-4194 <https://nvd.nist.gov/vuln/detail/CVE-2023-4194>,
CVE-2023-4206 <https://nvd.nist.gov/vuln/detail/CVE-2023-4206>,
CVE-2023-4207 <https://nvd.nist.gov/vuln/detail/CVE-2023-4207>,
CVE-2023-4208 <https://nvd.nist.gov/vuln/detail/CVE-2023-4208>,
CVE-2023-4244 <https://nvd.nist.gov/vuln/detail/CVE-2023-4244>,
CVE-2023-4273 <https://nvd.nist.gov/vuln/detail/CVE-2023-4273>,
CVE-2023-42752 <https://nvd.nist.gov/vuln/detail/CVE-2023-42752>,
CVE-2023-42753 <https://nvd.nist.gov/vuln/detail/CVE-2023-42753>,
CVE-2023-42754 <https://nvd.nist.gov/vuln/detail/CVE-2023-42754>,
CVE-2023-42756 <https://nvd.nist.gov/vuln/detail/CVE-2023-42756>,
CVE-2023-44466 <https://nvd.nist.gov/vuln/detail/CVE-2023-44466>,
CVE-2023-4569 <https://nvd.nist.gov/vuln/detail/CVE-2023-4569>,
CVE-2023-45862 <https://nvd.nist.gov/vuln/detail/CVE-2023-45862>,
CVE-2023-45863 <https://nvd.nist.gov/vuln/detail/CVE-2023-45863>,
CVE-2023-45871 <https://nvd.nist.gov/vuln/detail/CVE-2023-45871>,
CVE-2023-45898 <https://nvd.nist.gov/vuln/detail/CVE-2023-45898>,
CVE-2023-4611 <https://nvd.nist.gov/vuln/detail/CVE-2023-4611>,
CVE-2023-4623 <https://nvd.nist.gov/vuln/detail/CVE-2023-4623>,
CVE-2023-46813 <https://nvd.nist.gov/vuln/detail/CVE-2023-46813>,
CVE-2023-46862 <https://nvd.nist.gov/vuln/detail/CVE-2023-46862>,
CVE-2023-4921 <https://nvd.nist.gov/vuln/detail/CVE-2023-4921>,
CVE-2023-5090 <https://nvd.nist.gov/vuln/detail/CVE-2023-5090>,
CVE-2023-5158 <https://nvd.nist.gov/vuln/detail/CVE-2023-5158>,
CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779>,
CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780>,
CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781>,
CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782>,
CVE-2023-5197 <https://nvd.nist.gov/vuln/detail/CVE-2023-5197>,
CVE-2023-5345 <https://nvd.nist.gov/vuln/detail/CVE-2023-5345>,
CVE-2023-5633 <https://nvd.nist.gov/vuln/detail/CVE-2023-5633>,
CVE-2023-5717 <https://nvd.nist.gov/vuln/detail/CVE-2023-5717>,
CVE-2023-5972 <https://nvd.nist.gov/vuln/detail/CVE-2023-5972>,
CVE-2023-6039 <https://nvd.nist.gov/vuln/detail/CVE-2023-6039>,
CVE-2023-6111 <https://nvd.nist.gov/vuln/detail/CVE-2023-6111>,
CVE-2023-6121 <https://nvd.nist.gov/vuln/detail/CVE-2023-6121>,
CVE-2023-6176 <https://nvd.nist.gov/vuln/detail/CVE-2023-6176>,
CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531>,
CVE-2023-6546 <https://nvd.nist.gov/vuln/detail/CVE-2023-6546>,
CVE-2023-6560 <https://nvd.nist.gov/vuln/detail/CVE-2023-6560>,
CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606>,
CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622>,
CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817>,
CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931>,
CVE-2023-6932 <https://nvd.nist.gov/vuln/detail/CVE-2023-6932>,
CVE-2023-7192 <https://nvd.nist.gov/vuln/detail/CVE-2023-7192>,
CVE-2024-0193 <https://nvd.nist.gov/vuln/detail/CVE-2024-0193>,
CVE-2024-0443 <https://nvd.nist.gov/vuln/detail/CVE-2024-0443>)
- binutils (CVE-2023-1972
<https://nvd.nist.gov/vuln/detail/CVE-2023-1972>)
- curl (CVE-2023-46218 <https://nvd.nist.gov/vuln/detail/CVE-2023-46218>,
CVE-2023-46219 <https://nvd.nist.gov/vuln/detail/CVE-2023-46219>)
- gnutls (CVE-2023-5981 <https://nvd.nist.gov/vuln/detail/CVE-2023-5981>)
- intel-microcode (CVE-2023-23583
<https://nvd.nist.gov/vuln/detail/CVE-2023-23583>)
- libxml2 (CVE-2023-45322
<https://nvd.nist.gov/vuln/detail/CVE-2023-45322>)
- openssh (CVE-2023-48795
<https://nvd.nist.gov/vuln/detail/CVE-2023-48795>, CVE-2023-51384
<https://nvd.nist.gov/vuln/detail/CVE-2023-51384>, CVE-2023-51385
<https://nvd.nist.gov/vuln/detail/CVE-2023-51385>)
- openssl (CVE-2023-3817 <https://nvd.nist.gov/vuln/detail/CVE-2023-3817>,
CVE-2023-5363 <https://nvd.nist.gov/vuln/detail/CVE-2023-5363>,
CVE-2023-5678 <https://nvd.nist.gov/vuln/detail/CVE-2023-5678>)
- perl (CVE-2023-47038 <https://nvd.nist.gov/vuln/detail/CVE-2023-47038>)
- traceroute (CVE-2023-46316
<https://nvd.nist.gov/vuln/detail/CVE-2023-46316>)
- vim (CVE-2023-5344 <https://nvd.nist.gov/vuln/detail/CVE-2023-5344>,
CVE-2023-5441 <https://nvd.nist.gov/vuln/detail/CVE-2023-5441>,
CVE-2023-5535 <https://nvd.nist.gov/vuln/detail/CVE-2023-5535>,
CVE-2023-46246 <https://nvd.nist.gov/vuln/detail/CVE-2023-46246>)

Bug fixes:

- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307
<https://github.com/flatcar/Flatcar/issues/1307>)
- Fixed a bug resulting in coreos-cloudinit resetting the instance
hostname to ‘localhost’ if no metadata could be found
(coreos-cloudinit#25 <https://github.com/flatcar/coreos-cloudinit/pull/25>,
Flatcar#1262 <https://github.com/flatcar/Flatcar/issues/1262>), with
contributions from MichaelEischer <https://github.com/MichaelEischer>
- Fixed supplying extension update payloads with a custom base URL in
Nebraska (Flatcar#1281 <https://github.com/flatcar/Flatcar/issues/1281>)

Changes:

- Updated SLSA provenance generation from v0.2 to v1.0.

Updates:

- Go (1.20.13 <https://go.dev/doc/devel/release#go1.20.13>)
- Linux (6.6.12 <https://lwn.net/Articles/958342> (includes 6.6.11
<https://lwn.net/Articles/957375>, 6.6.10
<https://lwn.net/Articles/957008>, 6.6.9
<https://lwn.net/Articles/956525>, 6.6.8
<https://lwn.net/Articles/955813>, 6.6.7
<https://lwn.net/Articles/954990/> and 6.6
<https://kernelnewbies.org/Linux_6.6>))
- Linux Firmware (20231211
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231211>
)
- bash (5.2_p21
<https://git.savannah.gnu.org/cgit/bash.git/log/?id=2bb3cbefdb8fd019765b1a9cc42ecf37ff22fec6>
)
- binutils (2.41
<https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00009.html>)
- bpftool (6.5.7
<https://kernelnewbies.org/Linux_6.5#Tracing.2C_perf_and_BPF>)
- c-ares (1.21.0 <https://c-ares.org/changelog.html#1_21_0>)
- ca-certificates (3.96.1
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html>
(includes 3.96
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html>
))
- containerd (1.7.11
<https://github.com/containerd/containerd/releases/tag/v1.7.11>)
- coreutils (9.4
<https://lists.gnu.org/archive/html/info-gnu/2023-08/msg00007.html>)
- curl (8.5.0 <https://curl.se/changes.html#8_5_0>)
- elfutils (0.190
<https://sourceware.org/git/?p=elfutils.git;a=blob;f=NEWS;h=0420d3b8376877c1b11712f1aad90a2e2b6f6d06;hb=c1058da5a450e33e72b72abb53bc3ffd7f6b361b>
)
- gawk (5.3.0 <https://lwn.net/Articles/949829/>)
- gettext (0.22.4 <https://savannah.gnu.org/news/?id=10544>)
- glib (2.78.3 <https://gitlab.gnome.org/GNOME/glib/-/blob/2.78.3/NEWS>)
- gnutls (3.8.2
<https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html>
)
- groff (1.23.0
<https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00001.html>)
- hwdata (0.376 <https://github.com/vcrhonek/hwdata/commits/v0.376>)
- intel-microcode (20231114_p20231114
<https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114>
)
- iproute2 (6.6.0
<https://marc.info/?l=linux-netdev&m=169929000929786&w=2>)
- ipset (7.19
<https://git.netfilter.org/ipset/tree/ChangeLog?id=ce6db35a0ea950e850ebe7c50ce46908c1c3bb2b>
)
- jq (1.7.1 <https://github.com/jqlang/jq/releases/tag/jq-1.7.1>
(includes 1.7 <https://github.com/jqlang/jq/releases/tag/jq-1.7>))
- kbd (2.6.4 <https://github.com/legionus/kbd/releases/tag/v2.6.4>)
- kmod (31 <https://github.com/kmod-project/kmod/blob/v31/NEWS>)
- libarchive (3.7.2
<https://github.com/libarchive/libarchive/releases/tag/v3.7.2>)
- libdnet (1.16.4
<https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.4>)
- libksba (1.6.5
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=369cfb5d91bf232685a6c5b156453a624e11ed67;hb=7b3e4785e54280d1a13c5bc839bdc6722d898ac7>
)
- libnsl (2.0.1 <https://github.com/thkukuk/libnsl/releases/tag/v2.0.1>)
- lsof (4.99.0
<https://github.com/lsof-org/lsof/blob/4.99.0/00DIST#L5523>)
- lz4 (1.9.4 <https://github.com/lz4/lz4/releases/tag/v1.9.4>)
- openssh (9.6p1 <https://www.openssh.com/releasenotes.html#9.6p1>)
- openssl (3.0.12
<https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023>
)
- readline (8.2_p7
<https://git.savannah.gnu.org/cgit/readline.git/log/?id=bfe9c573a9e376323929c80b2b71c59727fab0cc>
)
- selinux-base (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- selinux-base-policy (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- selinux-container (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- selinux-dbus (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- selinux-sssd (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- selinux-unconfined (2.20231002
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20231002>
)
- sqlite (3.44.2 <https://www.sqlite.org/releaselog/3_44_2.html>)
- strace (6.6 <https://github.com/strace/strace/releases/tag/v6.6>)
- traceroute (2.1.3
<https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/>
)
- usbutils (016
<https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/tree/NEWS?h=v016>
)
- util-linux (2.39.2
<https://github.com/util-linux/util-linux/blob/v2.39.2/Documentation/releases/v2.39.2-ReleaseNotes>
)
- vim (9.0.2092 <https://github.com/vim/vim/commits/v9.0.2092/>)
- whois (5.5.20
<https://github.com/rfc1036/whois/blob/v5.5.20/debian/changelog>)
- xmlsec (1.3.2
<https://github.com/lsh123/xmlsec/releases/tag/xmlsec_1_3_2>)
- xz-utils (5.4.5
<https://github.com/tukaani-project/xz/releases/tag/v5.4.5>)
- zlib (1.3 <https://github.com/madler/zlib/releases/tag/v1.3>)
- SDK: gentoolkit (0.6.3
<https://gitweb.gentoo.org/proj/gentoolkit.git/log/?h=gentoolkit-0.6.3>)
- SDK: libxslt (1.1.39
<https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39>)
- SDK: perl (5.38.2 <https://perldoc.perl.org/5.38.2/perldelta>)
- SDK: portage (3.0.59
<https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.59>)
- SDK: python (3.11.7
<https://www.python.org/downloads/release/python-3117/>)
- SDK: repo (2.37)
- SDK: Rust (1.75.0
<https://github.com/rust-lang/rust/releases/tag/1.75.0> (includes 1.74.1
<https://github.com/rust-lang/rust/releases/tag/1.74.1>))

Beta 3815.1.0

*Changes since Beta 3760.1.1*

Security fixes:

- Linux (CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193>,
CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779>,
CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780>,
CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781>,
CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782>,
CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531>,
CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606>,
CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622>,
CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817>,
CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931>)
- Go (CVE-2023-39326 <https://nvd.nist.gov/vuln/detail/CVE-2023-39326>,
CVE-2023-45285 <https://nvd.nist.gov/vuln/detail/CVE-2023-45285>)
- VMware: open-vm-tools (CVE-2023-34058
<https://nvd.nist.gov/vuln/detail/CVE-2023-34058>, CVE-2023-34059
<https://nvd.nist.gov/vuln/detail/CVE-2023-34059>)
- nghttp2 (CVE-2023-44487
<https://nvd.nist.gov/vuln/detail/CVE-2023-44487>)
- samba (CVE-2023-4091 <https://nvd.nist.gov/vuln/detail/CVE-2023-4091>)
- zlib (CVE-2023-45853 <https://nvd.nist.gov/vuln/detail/CVE-2023-45853>)

Bug fixes:

- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307
<https://github.com/flatcar/Flatcar/issues/1307>)
- Fixed a bug resulting in coreos-cloudinit resetting the instance
hostname to ‘localhost’ if no metadata could be found
(coreos-cloudinit#25 <https://github.com/flatcar/coreos-cloudinit/pull/25>,
Flatcar#1262 <https://github.com/flatcar/Flatcar/issues/1262>), with
contributions from MichaelEischer <https://github.com/MichaelEischer>
- Fixed supplying extension update payloads with a custom base URL in
Nebraska (Flatcar#1281 <https://github.com/flatcar/Flatcar/issues/1281>)
- Set the TTY used for fetching server_context to RAW mode before running
cloudinit on CloudSigma (scripts#1280
<https://github.com/flatcar/scripts/pull/1280>)

Changes:

- Torcx, the mechanism to provide a custom Docker version, was replaced
by systemd-sysext in the OS image. Learn more about sysext and how to
customise OS images here
<https://www.flatcar.org/docs/latest/provisioning/sysext/> and read the
blog post about the replacement here
<https://www.flatcar.org/blog/2023/12/extending-flatcar-say-goodbye-to-torcx-and-hello-to-systemd-sysext/>.
- Torcx entered deprecation two years ago in favour of deploying plain
Docker binaries
<https://www.flatcar.org/docs/latest/container-runtimes/use-a-custom-docker-or-containerd-version/>
(which is now also a legacy option, because systemd-sysext offers a
more robust and better structured way of customisation, including
OS-independent updates).
- Torcx has been removed entirely; if you use Torcx to extend the
Flatcar base OS image, please refer to our conversion script
<https://www.flatcar.org/docs/latest/provisioning/sysext/#torcx-deprecation> and
to the sysext documentation mentioned above for migrating.
- Consequently, update_engine no longer performs Torcx sanity checks
after an update.
- Relevant changes: scripts#1216
<https://github.com/flatcar/scripts/pull/1216>, update_engine#30
<https://github.com/flatcar/update_engine/pull/30>, Mantle#466
<https://github.com/flatcar/mantle/pull/466>, Mantle#465
<https://github.com/flatcar/mantle/pull/465>.
- cri-tools, runc, containerd, docker, and docker-cli are now built from
Gentoo upstream ebuilds. Docker received a major version upgrade: it was
updated to Docker 24 (from Docker 20; see “Updates”).
- NOTE: The Docker btrfs storage driver has been de-prioritised;
BTRFS-backed storage will now default to the overlay2 driver
(changelog
<https://docs.docker.com/engine/release-notes/23.0/#bug-fixes-and-enhancements-6>,
upstream PR <https://github.com/moby/moby/pull/42661>).
Using the btrfs driver can still be enforced by creating a respective Docker
config
<https://docs.docker.com/storage/storagedriver/btrfs-driver/#configure-docker-to-use-the-btrfs-storage-driver>
at /etc/docker/daemon.json.
- NOTE: If you are already using btrfs-backed Docker storage and are
upgrading to this new version, Docker will automatically keep using the
btrfs storage driver for backwards compatibility with your deployment.
- Docker will remove the btrfs driver entirely in a future
version. Please consider migrating your deployments to the overlay2
driver.
- GCP OEM images now use a systemd-sysext image for layering
additional platform-specific software on top of /usr and being part of
the OEM A/B updates (flatcar#1146
<https://github.com/flatcar/Flatcar/issues/1146>)

Updates:

- Azure: WALinuxAgent (v2.9.1.1
<https://github.com/Azure/WALinuxAgent/releases/tag/v2.9.1.1>)
- DEV, AZURE: python (3.11.6
<https://docs.python.org/release/3.11.6/whatsnew/changelog.html#python-3-11-6>
)
- DEV: iperf (3.15 <https://github.com/esnet/iperf/releases/tag/3.15>)
- DEV: smartmontools (7.4
<https://www.smartmontools.org/browser/tags/RELEASE_7_4/smartmontools/NEWS>
)
- Go (1.20.12 <https://go.dev/doc/devel/release#go1.20.12> (includes
1.20.11 <https://go.dev/doc/devel/release#go1.20.11>))
- Linux (6.1.73 <https://lwn.net/Articles/958343> (includes 6.1.72
<https://lwn.net/Articles/957376>, 6.1.71
<https://lwn.net/Articles/957009>, 6.1.70
<https://lwn.net/Articles/956526>, 6.1.69
<https://lwn.net/Articles/955814>, 6.1.68
<https://lwn.net/Articles/954989/>, 6.1.67
<https://lwn.net/Articles/954455>, 6.1.60
<https://lwn.net/Articles/948817> and 6.1.59
<https://lwn.net/Articles/948297>))
- Linux Firmware (20231111
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231111>
(includes 20231030
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20231030>
))
- SDK: Rust (1.73.0
<https://github.com/rust-lang/rust/releases/tag/1.73.0>)
- SDK: python packaging (23.2
<https://github.com/pypa/packaging/releases/tag/23.2>), platformdirs (
3.11.0 <https://github.com/platformdirs/platformdirs/releases/tag/3.11.0>
)
- VMware: open-vm-tools (12.3.5
<https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.5>)
- acpid (2.0.34
<https://sourceforge.net/p/acpid2/code/ci/2.0.34/tree/Changelog>)
- ca-certificates (3.96.1
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html>
(includes 3.96
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html>
))
- containerd (1.7.10
<https://github.com/containerd/containerd/releases/tag/v1.7.10> (includes
1.7.9 <https://github.com/containerd/containerd/releases/tag/v1.7.9>
and 1.7.8 <https://github.com/containerd/containerd/releases/tag/v1.7.8>))
- cri-tools (1.27.0
<https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.27.0>)
- ding-libs (0.6.2 <https://github.com/SSSD/ding-libs/releases/tag/0.6.2>
)
- docker (24.0.6 <https://docs.docker.com/engine/release-notes/24.0/>,
includes changes from 23.0
<https://docs.docker.com/engine/release-notes/23.0/>)
- efibootmgr (18 <https://github.com/rhboot/efibootmgr/releases/tag/18>)
- efivar (38 <https://github.com/rhboot/efivar/releases/tag/38>)
- ethtool (6.5
<https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.5>
)
- hwdata (0.375 <https://github.com/vcrhonek/hwdata/releases/tag/v0.375>
(includes 0.374 <https://github.com/vcrhonek/hwdata/commits/v0.374>))
- iproute2 (6.5.0
<https://marc.info/?l=linux-netdev&m=169401822317373&w=2>)
- ipvsadm (1.31
<https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.31>
(includes 1.28
<https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.28>
, 1.29
<https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.29>
and 1.30
<https://git.kernel.org/pub/scm/utils/kernel/ipvsadm/ipvsadm.git/tag/?h=v1.30>
))
- json-c (0.17
<https://github.com/json-c/json-c/blob/json-c-0.17-20230812/ChangeLog>)
- libffi (3.4.4 <https://github.com/libffi/libffi/releases/tag/v3.4.4>
(includes 3.4.2 <https://github.com/libffi/libffi/releases/tag/v3.4.2>
and 3.4.3 <https://github.com/libffi/libffi/releases/tag/v3.4.3>))
- liblinear (246)
- libmnl (1.0.5 <https://git.netfilter.org/libmnl/log/?h=libmnl-1.0.5>)
- libnetfilter_conntrack (1.0.9
<https://git.netfilter.org/libnetfilter_conntrack/log/?h=libnetfilter_conntrack-1.0.9>
)
- libnetfilter_cthelper (1.0.1
<https://git.netfilter.org/libnetfilter_cthelper/log/?id=8cee0347cc6969c39bb64000dfaa676a8f9e30f0>
)
- libnetfilter_cttimeout (1.0.1
<https://git.netfilter.org/libnetfilter_cttimeout/log/?id=068d36d6291f53a0a609ab1f695aa06e94ce3d30>
)
- libnfnetlink (1.0.2
<https://git.netfilter.org/libnfnetlink/log/?h=libnfnetlink-1.0.2>)
- libsodium (1.0.19
<https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE>)
- libunistring (1.1
<https://git.savannah.gnu.org/gitweb/?p=libunistring.git;a=blob;f=NEWS;h=5a43ddd7011d62a952733f6c0b7ad52aa4f385c7;hb=8006860b710aae2e8442088c3ddc7d819dfa8ac7>
)
- libunwind (1.7.2
<https://github.com/libunwind/libunwind/releases/tag/v1.7.2> (includes
1.7.0 <https://github.com/libunwind/libunwind/releases/tag/v1.7.0>))
- liburing (2.3
<https://github.com/axboe/liburing/blob/liburing-2.3/CHANGELOG>)
- mpc (1.3.1
<https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00049.html>
(includes 1.3.0
<https://sympa.inria.fr/sympa/arc/mpc-discuss/2022-12/msg00028.html>))
- mpfr (4.2.1 <https://gitlab.inria.fr/mpfr/mpfr/-/blob/4.2.1/NEWS>)
- nghttp2 (1.57.0
<https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0> (includes
1.52.0 <https://github.com/nghttp2/nghttp2/releases/tag/v1.52.0>, 1.53.0
<https://github.com/nghttp2/nghttp2/releases/tag/v1.53.0>, 1.54.0
<https://github.com/nghttp2/nghttp2/releases/tag/v1.54.0>, 1.55.0
<https://github.com/nghttp2/nghttp2/releases/tag/v1.55.0>, 1.55.1
<https://github.com/nghttp2/nghttp2/releases/tag/v1.55.1> and 1.56.0
<https://github.com/nghttp2/nghttp2/releases/tag/v1.56.0>))
- nspr (4.35
<https://hg.mozilla.org/projects/nspr/log/b563bfc16c887c48b038b7b441fcc4e40a126d3b>
)
- ntp (4.2.8p17
<https://www.ntp.org/support/securitynotice/4_2_8p17-release-announcement/>
)
- nvme-cli (v2.6
<https://github.com/linux-nvme/nvme-cli/releases/tag/v2.6>, libnvme v1.6
<https://github.com/linux-nvme/libnvme/releases/tag/v1.6>)
- protobuf (21.12
<https://github.com/protocolbuffers/protobuf/releases/tag/v21.12>
(includes 21.10
<https://github.com/protocolbuffers/protobuf/releases/tag/v21.10> and
21.11 <https://github.com/protocolbuffers/protobuf/releases/tag/v21.11>))
- samba (4.18.8 <https://www.samba.org/samba/history/samba-4.18.8.html>)
- sqlite (3.43.2 <https://www.sqlite.org/releaselog/3_43_2.html>)
- squashfs-tools (4.6.1
<https://github.com/plougher/squashfs-tools/releases/tag/4.6.1>
(includes 4.6
<https://github.com/plougher/squashfs-tools/releases/tag/4.6>))
- thin-provisioning-tools (1.0.6
<https://github.com/jthornber/thin-provisioning-tools/blob/v1.0.6/CHANGES>
)

*Changes since Alpha 3815.0.0*

Security fixes:

- Linux (CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193>,
CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779>,
CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780>,
CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781>,
CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782>,
CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531>,
CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606>,
CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622>,
CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817>,
CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931>)

Bug fixes:

- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307
<https://github.com/flatcar/Flatcar/issues/1307>)
- Fixed a bug resulting in coreos-cloudinit resetting the instance
hostname to ‘localhost’ if no metadata could be found
(coreos-cloudinit#25 <https://github.com/flatcar/coreos-cloudinit/pull/25>,
Flatcar#1262 <https://github.com/flatcar/Flatcar/issues/1262>), with
contributions from MichaelEischer <https://github.com/MichaelEischer>
- Fixed supplying extension update payloads with a custom base URL in
Nebraska (Flatcar#1281 <https://github.com/flatcar/Flatcar/issues/1281>)

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Updates2>Updates:

- Linux (6.1.73 <https://lwn.net/Articles/958343> (includes 6.1.72
<https://lwn.net/Articles/957376>, 6.1.71
<https://lwn.net/Articles/957009>, 6.1.70
<https://lwn.net/Articles/956526>, 6.1.69
<https://lwn.net/Articles/955814>, 6.1.68
<https://lwn.net/Articles/954989/> and 6.1.67
<https://lwn.net/Articles/954455>))
- ca-certificates (3.96.1
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html>
(includes 3.96
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html>
))

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Stable-3760201>Stable 3760.2.0

⚠️ Torcx has been removed as of Alpha 3794.0.0. Please make sure that you
do not rely on any Torcx-specific mechanism and use systemd-sysext instead.
See <https://www.flatcar.org/docs/latest/provisioning/sysext/> for more
information.

*Changes since Stable 3602.2.3*

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Security-fixes3>Security fixes:

- Linux (CVE-2023-7192 <https://nvd.nist.gov/vuln/detail/CVE-2023-7192>
(includes CVE-2023-6932 <https://nvd.nist.gov/vuln/detail/CVE-2023-6932>,
CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931>,
CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817>,
CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622>,
CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606>,
CVE-2023-6546 <https://nvd.nist.gov/vuln/detail/CVE-2023-6546>,
CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531>,
CVE-2023-6176 <https://nvd.nist.gov/vuln/detail/CVE-2023-6176>,
CVE-2023-6121 <https://nvd.nist.gov/vuln/detail/CVE-2023-6121>,
CVE-2023-5717 <https://nvd.nist.gov/vuln/detail/CVE-2023-5717>,
CVE-2023-5345 <https://nvd.nist.gov/vuln/detail/CVE-2023-5345>,
CVE-2023-5197 <https://nvd.nist.gov/vuln/detail/CVE-2023-5197>,
CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782>,
CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781>,
CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780>,
CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779>,
CVE-2023-5158 <https://nvd.nist.gov/vuln/detail/CVE-2023-5158>,
CVE-2023-5090 <https://nvd.nist.gov/vuln/detail/CVE-2023-5090>,
CVE-2023-4921 <https://nvd.nist.gov/vuln/detail/CVE-2023-4921>,
CVE-2023-46862 <https://nvd.nist.gov/vuln/detail/CVE-2023-46862>,
CVE-2023-46813 <https://nvd.nist.gov/vuln/detail/CVE-2023-46813>,
CVE-2023-4623 <https://nvd.nist.gov/vuln/detail/CVE-2023-4623>,
CVE-2023-45871 <https://nvd.nist.gov/vuln/detail/CVE-2023-45871>,
CVE-2023-45863 <https://nvd.nist.gov/vuln/detail/CVE-2023-45863>,
CVE-2023-45862 <https://nvd.nist.gov/vuln/detail/CVE-2023-45862>,
CVE-2023-4569 <https://nvd.nist.gov/vuln/detail/CVE-2023-4569>,
CVE-2023-4459 <https://nvd.nist.gov/vuln/detail/CVE-2023-4459>,
CVE-2023-44466 <https://nvd.nist.gov/vuln/detail/CVE-2023-44466>,
CVE-2023-4394 <https://nvd.nist.gov/vuln/detail/CVE-2023-4394>,
CVE-2023-4389 <https://nvd.nist.gov/vuln/detail/CVE-2023-4389>,
CVE-2023-4387 <https://nvd.nist.gov/vuln/detail/CVE-2023-4387>,
CVE-2023-4385 <https://nvd.nist.gov/vuln/detail/CVE-2023-4385>,
CVE-2023-42755 <https://nvd.nist.gov/vuln/detail/CVE-2023-42755>,
CVE-2023-42754 <https://nvd.nist.gov/vuln/detail/CVE-2023-42754>,
CVE-2023-42753 <https://nvd.nist.gov/vuln/detail/CVE-2023-42753>,
CVE-2023-42752 <https://nvd.nist.gov/vuln/detail/CVE-2023-42752>,
CVE-2023-4273 <https://nvd.nist.gov/vuln/detail/CVE-2023-4273>,
CVE-2023-4244 <https://nvd.nist.gov/vuln/detail/CVE-2023-4244>,
CVE-2023-4208 <https://nvd.nist.gov/vuln/detail/CVE-2023-4208>,
CVE-2023-4207 <https://nvd.nist.gov/vuln/detail/CVE-2023-4207>,
CVE-2023-4206 <https://nvd.nist.gov/vuln/detail/CVE-2023-4206>,
CVE-2023-4155 <https://nvd.nist.gov/vuln/detail/CVE-2023-4155>,
CVE-2023-4147 <https://nvd.nist.gov/vuln/detail/CVE-2023-4147>,
CVE-2023-4132 <https://nvd.nist.gov/vuln/detail/CVE-2023-4132>,
CVE-2023-40283 <https://nvd.nist.gov/vuln/detail/CVE-2023-40283>,
CVE-2023-4015 <https://nvd.nist.gov/vuln/detail/CVE-2023-4015>,
CVE-2023-4004 <https://nvd.nist.gov/vuln/detail/CVE-2023-4004>,
CVE-2023-39198 <https://nvd.nist.gov/vuln/detail/CVE-2023-39198>,
CVE-2023-39197 <https://nvd.nist.gov/vuln/detail/CVE-2023-39197>,
CVE-2023-39194 <https://nvd.nist.gov/vuln/detail/CVE-2023-39194>,
CVE-2023-39193 <https://nvd.nist.gov/vuln/detail/CVE-2023-39193>,
CVE-2023-39192 <https://nvd.nist.gov/vuln/detail/CVE-2023-39192>,
CVE-2023-39189 <https://nvd.nist.gov/vuln/detail/CVE-2023-39189>,
CVE-2023-3867 <https://nvd.nist.gov/vuln/detail/CVE-2023-3867>,
CVE-2023-3866 <https://nvd.nist.gov/vuln/detail/CVE-2023-3866>,
CVE-2023-3865 <https://nvd.nist.gov/vuln/detail/CVE-2023-3865>,
CVE-2023-3863 <https://nvd.nist.gov/vuln/detail/CVE-2023-3863>,
CVE-2023-38432 <https://nvd.nist.gov/vuln/detail/CVE-2023-38432>,
CVE-2023-38431 <https://nvd.nist.gov/vuln/detail/CVE-2023-38431>,
CVE-2023-38430 <https://nvd.nist.gov/vuln/detail/CVE-2023-38430>,
CVE-2023-38429 <https://nvd.nist.gov/vuln/detail/CVE-2023-38429>,
CVE-2023-38428 <https://nvd.nist.gov/vuln/detail/CVE-2023-38428>,
CVE-2023-38427 <https://nvd.nist.gov/vuln/detail/CVE-2023-38427>,
CVE-2023-38426 <https://nvd.nist.gov/vuln/detail/CVE-2023-38426>,
CVE-2023-38409 <https://nvd.nist.gov/vuln/detail/CVE-2023-38409>,
CVE-2023-3812 <https://nvd.nist.gov/vuln/detail/CVE-2023-3812>,
CVE-2023-3777 <https://nvd.nist.gov/vuln/detail/CVE-2023-3777>,
CVE-2023-3776 <https://nvd.nist.gov/vuln/detail/CVE-2023-3776>,
CVE-2023-3773 <https://nvd.nist.gov/vuln/detail/CVE-2023-3773>,
CVE-2023-3772 <https://nvd.nist.gov/vuln/detail/CVE-2023-3772>,
CVE-2023-3611 <https://nvd.nist.gov/vuln/detail/CVE-2023-3611>,
CVE-2023-3610 <https://nvd.nist.gov/vuln/detail/CVE-2023-3610>,
CVE-2023-3609 <https://nvd.nist.gov/vuln/detail/CVE-2023-3609>,
CVE-2023-35829 <https://nvd.nist.gov/vuln/detail/CVE-2023-35829>,
CVE-2023-35828 <https://nvd.nist.gov/vuln/detail/CVE-2023-35828>,
CVE-2023-35827 <https://nvd.nist.gov/vuln/detail/CVE-2023-35827>,
CVE-2023-35826 <https://nvd.nist.gov/vuln/detail/CVE-2023-35826>,
CVE-2023-35824 <https://nvd.nist.gov/vuln/detail/CVE-2023-35824>,
CVE-2023-35823 <https://nvd.nist.gov/vuln/detail/CVE-2023-35823>,
CVE-2023-35788 <https://nvd.nist.gov/vuln/detail/CVE-2023-35788>,
CVE-2023-3567 <https://nvd.nist.gov/vuln/detail/CVE-2023-3567>,
CVE-2023-35001 <https://nvd.nist.gov/vuln/detail/CVE-2023-35001>,
CVE-2023-3439 <https://nvd.nist.gov/vuln/detail/CVE-2023-3439>,
CVE-2023-34324 <https://nvd.nist.gov/vuln/detail/CVE-2023-34324>,
CVE-2023-34319 <https://nvd.nist.gov/vuln/detail/CVE-2023-34319>,
CVE-2023-34256 <https://nvd.nist.gov/vuln/detail/CVE-2023-34256>,
CVE-2023-33952 <https://nvd.nist.gov/vuln/detail/CVE-2023-33952>,
CVE-2023-33951 <https://nvd.nist.gov/vuln/detail/CVE-2023-33951>,
CVE-2023-3390 <https://nvd.nist.gov/vuln/detail/CVE-2023-3390>,
CVE-2023-3359 <https://nvd.nist.gov/vuln/detail/CVE-2023-3359>,
CVE-2023-3358 <https://nvd.nist.gov/vuln/detail/CVE-2023-3358>,
CVE-2023-3357 <https://nvd.nist.gov/vuln/detail/CVE-2023-3357>,
CVE-2023-3355 <https://nvd.nist.gov/vuln/detail/CVE-2023-3355>,
CVE-2023-33288 <https://nvd.nist.gov/vuln/detail/CVE-2023-33288>,
CVE-2023-33203 <https://nvd.nist.gov/vuln/detail/CVE-2023-33203>,
CVE-2023-3269 <https://nvd.nist.gov/vuln/detail/CVE-2023-3269>,
CVE-2023-3268 <https://nvd.nist.gov/vuln/detail/CVE-2023-3268>,
CVE-2023-32269 <https://nvd.nist.gov/vuln/detail/CVE-2023-32269>,
CVE-2023-32258 <https://nvd.nist.gov/vuln/detail/CVE-2023-32258>,
CVE-2023-32257 <https://nvd.nist.gov/vuln/detail/CVE-2023-32257>,
CVE-2023-32254 <https://nvd.nist.gov/vuln/detail/CVE-2023-32254>,
CVE-2023-32252 <https://nvd.nist.gov/vuln/detail/CVE-2023-32252>,
CVE-2023-32250 <https://nvd.nist.gov/vuln/detail/CVE-2023-32250>,
CVE-2023-32248 <https://nvd.nist.gov/vuln/detail/CVE-2023-32248>,
CVE-2023-32247 <https://nvd.nist.gov/vuln/detail/CVE-2023-32247>,
CVE-2023-32233 <https://nvd.nist.gov/vuln/detail/CVE-2023-32233>,
CVE-2023-3220 <https://nvd.nist.gov/vuln/detail/CVE-2023-3220>,
CVE-2023-3212 <https://nvd.nist.gov/vuln/detail/CVE-2023-3212>,
CVE-2023-3161 <https://nvd.nist.gov/vuln/detail/CVE-2023-3161>,
CVE-2023-3159 <https://nvd.nist.gov/vuln/detail/CVE-2023-3159>,
CVE-2023-31436 <https://nvd.nist.gov/vuln/detail/CVE-2023-31436>,
CVE-2023-3141 <https://nvd.nist.gov/vuln/detail/CVE-2023-3141>,
CVE-2023-31248 <https://nvd.nist.gov/vuln/detail/CVE-2023-31248>,
CVE-2023-3111 <https://nvd.nist.gov/vuln/detail/CVE-2023-3111>,
CVE-2023-31085 <https://nvd.nist.gov/vuln/detail/CVE-2023-31085>,
CVE-2023-3090 <https://nvd.nist.gov/vuln/detail/CVE-2023-3090>,
CVE-2023-30772 <https://nvd.nist.gov/vuln/detail/CVE-2023-30772>,
CVE-2023-30456 <https://nvd.nist.gov/vuln/detail/CVE-2023-30456>,
CVE-2023-3006 <https://nvd.nist.gov/vuln/detail/CVE-2023-3006>,
CVE-2023-2985 <https://nvd.nist.gov/vuln/detail/CVE-2023-2985>,
CVE-2023-2898 <https://nvd.nist.gov/vuln/detail/CVE-2023-2898>,
CVE-2023-28866 <https://nvd.nist.gov/vuln/detail/CVE-2023-28866>,
CVE-2023-28466 <https://nvd.nist.gov/vuln/detail/CVE-2023-28466>,
CVE-2023-28410 <https://nvd.nist.gov/vuln/detail/CVE-2023-28410>,
CVE-2023-28328 <https://nvd.nist.gov/vuln/detail/CVE-2023-28328>,
CVE-2023-28327 <https://nvd.nist.gov/vuln/detail/CVE-2023-28327>,
CVE-2023-26607 <https://nvd.nist.gov/vuln/detail/CVE-2023-26607>,
CVE-2023-26606 <https://nvd.nist.gov/vuln/detail/CVE-2023-26606>,
CVE-2023-26545 <https://nvd.nist.gov/vuln/detail/CVE-2023-26545>,
CVE-2023-26544 <https://nvd.nist.gov/vuln/detail/CVE-2023-26544>,
CVE-2023-25775 <https://nvd.nist.gov/vuln/detail/CVE-2023-25775>,
CVE-2023-2513 <https://nvd.nist.gov/vuln/detail/CVE-2023-2513>,
CVE-2023-25012 <https://nvd.nist.gov/vuln/detail/CVE-2023-25012>,
CVE-2023-2430 <https://nvd.nist.gov/vuln/detail/CVE-2023-2430>,
CVE-2023-23559 <https://nvd.nist.gov/vuln/detail/CVE-2023-23559>,
CVE-2023-23455 <https://nvd.nist.gov/vuln/detail/CVE-2023-23455>,
CVE-2023-23454 <https://nvd.nist.gov/vuln/detail/CVE-2023-23454>,
CVE-2023-23002 <https://nvd.nist.gov/vuln/detail/CVE-2023-23002>,
CVE-2023-23001 <https://nvd.nist.gov/vuln/detail/CVE-2023-23001>,
CVE-2023-22999 <https://nvd.nist.gov/vuln/detail/CVE-2023-22999>,
CVE-2023-22998 <https://nvd.nist.gov/vuln/detail/CVE-2023-22998>,
CVE-2023-22997 <https://nvd.nist.gov/vuln/detail/CVE-2023-22997>,
CVE-2023-22996 <https://nvd.nist.gov/vuln/detail/CVE-2023-22996>,
CVE-2023-2269 <https://nvd.nist.gov/vuln/detail/CVE-2023-2269>,
CVE-2023-2236 <https://nvd.nist.gov/vuln/detail/CVE-2023-2236>,
CVE-2023-2235 <https://nvd.nist.gov/vuln/detail/CVE-2023-2235>,
CVE-2023-2194 <https://nvd.nist.gov/vuln/detail/CVE-2023-2194>,
CVE-2023-2177 <https://nvd.nist.gov/vuln/detail/CVE-2023-2177>,
CVE-2023-2166 <https://nvd.nist.gov/vuln/detail/CVE-2023-2166>,
CVE-2023-2163 <https://nvd.nist.gov/vuln/detail/CVE-2023-2163>,
CVE-2023-2162 <https://nvd.nist.gov/vuln/detail/CVE-2023-2162>,
CVE-2023-2156 <https://nvd.nist.gov/vuln/detail/CVE-2023-2156>,
CVE-2023-21255 <https://nvd.nist.gov/vuln/detail/CVE-2023-21255>,
CVE-2023-2124 <https://nvd.nist.gov/vuln/detail/CVE-2023-2124>,
CVE-2023-21106 <https://nvd.nist.gov/vuln/detail/CVE-2023-21106>,
CVE-2023-21102 <https://nvd.nist.gov/vuln/detail/CVE-2023-21102>,
CVE-2023-20938 <https://nvd.nist.gov/vuln/detail/CVE-2023-20938>,
CVE-2023-20928 <https://nvd.nist.gov/vuln/detail/CVE-2023-20928>,
CVE-2023-20593 <https://nvd.nist.gov/vuln/detail/CVE-2023-20593>,
CVE-2023-20588 <https://nvd.nist.gov/vuln/detail/CVE-2023-20588>,
CVE-2023-20569 <https://nvd.nist.gov/vuln/detail/CVE-2023-20569>,
CVE-2023-2019 <https://nvd.nist.gov/vuln/detail/CVE-2023-2019>,
CVE-2023-2008 <https://nvd.nist.gov/vuln/detail/CVE-2023-2008>,
CVE-2023-2006 <https://nvd.nist.gov/vuln/detail/CVE-2023-2006>,
CVE-2023-2002 <https://nvd.nist.gov/vuln/detail/CVE-2023-2002>,
CVE-2023-1998 <https://nvd.nist.gov/vuln/detail/CVE-2023-1998>,
CVE-2023-1990 <https://nvd.nist.gov/vuln/detail/CVE-2023-1990>,
CVE-2023-1989 <https://nvd.nist.gov/vuln/detail/CVE-2023-1989>,
CVE-2023-1872 <https://nvd.nist.gov/vuln/detail/CVE-2023-1872>,
CVE-2023-1859 <https://nvd.nist.gov/vuln/detail/CVE-2023-1859>,
CVE-2023-1855 <https://nvd.nist.gov/vuln/detail/CVE-2023-1855>,
CVE-2023-1838 <https://nvd.nist.gov/vuln/detail/CVE-2023-1838>,
CVE-2023-1829 <https://nvd.nist.gov/vuln/detail/CVE-2023-1829>,
CVE-2023-1670 <https://nvd.nist.gov/vuln/detail/CVE-2023-1670>,
CVE-2023-1652 <https://nvd.nist.gov/vuln/detail/CVE-2023-1652>,
CVE-2023-1637 <https://nvd.nist.gov/vuln/detail/CVE-2023-1637>,
CVE-2023-1611 <https://nvd.nist.gov/vuln/detail/CVE-2023-1611>,
CVE-2023-1583 <https://nvd.nist.gov/vuln/detail/CVE-2023-1583>,
CVE-2023-1582 <https://nvd.nist.gov/vuln/detail/CVE-2023-1582>,
CVE-2023-1513 <https://nvd.nist.gov/vuln/detail/CVE-2023-1513>,
CVE-2023-1382 <https://nvd.nist.gov/vuln/detail/CVE-2023-1382>,
CVE-2023-1380 <https://nvd.nist.gov/vuln/detail/CVE-2023-1380>,
CVE-2023-1281 <https://nvd.nist.gov/vuln/detail/CVE-2023-1281>,
CVE-2023-1249 <https://nvd.nist.gov/vuln/detail/CVE-2023-1249>,
CVE-2023-1206 <https://nvd.nist.gov/vuln/detail/CVE-2023-1206>,
CVE-2023-1194 <https://nvd.nist.gov/vuln/detail/CVE-2023-1194>,
CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193>,
CVE-2023-1192 <https://nvd.nist.gov/vuln/detail/CVE-2023-1192>,
CVE-2023-1118 <https://nvd.nist.gov/vuln/detail/CVE-2023-1118>,
CVE-2023-1095 <https://nvd.nist.gov/vuln/detail/CVE-2023-1095>,
CVE-2023-1079 <https://nvd.nist.gov/vuln/detail/CVE-2023-1079>,
CVE-2023-1078 <https://nvd.nist.gov/vuln/detail/CVE-2023-1078>,
CVE-2023-1077 <https://nvd.nist.gov/vuln/detail/CVE-2023-1077>,
CVE-2023-1076 <https://nvd.nist.gov/vuln/detail/CVE-2023-1076>,
CVE-2023-1075 <https://nvd.nist.gov/vuln/detail/CVE-2023-1075>,
CVE-2023-1074 <https://nvd.nist.gov/vuln/detail/CVE-2023-1074>,
CVE-2023-1073 <https://nvd.nist.gov/vuln/detail/CVE-2023-1073>,
CVE-2023-1032 <https://nvd.nist.gov/vuln/detail/CVE-2023-1032>,
CVE-2023-0615 <https://nvd.nist.gov/vuln/detail/CVE-2023-0615>,
CVE-2023-0590 <https://nvd.nist.gov/vuln/detail/CVE-2023-0590>,
CVE-2023-0469 <https://nvd.nist.gov/vuln/detail/CVE-2023-0469>,
CVE-2023-0468 <https://nvd.nist.gov/vuln/detail/CVE-2023-0468>,
CVE-2023-0461 <https://nvd.nist.gov/vuln/detail/CVE-2023-0461>,
CVE-2023-0459 <https://nvd.nist.gov/vuln/detail/CVE-2023-0459>,
CVE-2023-0458 <https://nvd.nist.gov/vuln/detail/CVE-2023-0458>,
CVE-2023-0394 <https://nvd.nist.gov/vuln/detail/CVE-2023-0394>,
CVE-2023-0386 <https://nvd.nist.gov/vuln/detail/CVE-2023-0386>,
CVE-2023-0266 <https://nvd.nist.gov/vuln/detail/CVE-2023-0266>,
CVE-2023-0210 <https://nvd.nist.gov/vuln/detail/CVE-2023-0210>,
CVE-2023-0179 <https://nvd.nist.gov/vuln/detail/CVE-2023-0179>,
CVE-2023-0160 <https://nvd.nist.gov/vuln/detail/CVE-2023-0160>,
CVE-2023-0045 <https://nvd.nist.gov/vuln/detail/CVE-2023-0045>,
CVE-2022-48619 <https://nvd.nist.gov/vuln/detail/CVE-2022-48619>,
CVE-2022-48502 <https://nvd.nist.gov/vuln/detail/CVE-2022-48502>,
CVE-2022-48425 <https://nvd.nist.gov/vuln/detail/CVE-2022-48425>,
CVE-2022-48424 <https://nvd.nist.gov/vuln/detail/CVE-2022-48424>,
CVE-2022-48423 <https://nvd.nist.gov/vuln/detail/CVE-2022-48423>,
CVE-2022-4842 <https://nvd.nist.gov/vuln/detail/CVE-2022-4842>,
CVE-2022-47943 <https://nvd.nist.gov/vuln/detail/CVE-2022-47943>,
CVE-2022-47942 <https://nvd.nist.gov/vuln/detail/CVE-2022-47942>,
CVE-2022-47941 <https://nvd.nist.gov/vuln/detail/CVE-2022-47941>,
CVE-2022-47940 <https://nvd.nist.gov/vuln/detail/CVE-2022-47940>,
CVE-2022-47939 <https://nvd.nist.gov/vuln/detail/CVE-2022-47939>,
CVE-2022-47938 <https://nvd.nist.gov/vuln/detail/CVE-2022-47938>,
CVE-2022-47929 <https://nvd.nist.gov/vuln/detail/CVE-2022-47929>,
CVE-2022-47521 <https://nvd.nist.gov/vuln/detail/CVE-2022-47521>,
CVE-2022-47520 <https://nvd.nist.gov/vuln/detail/CVE-2022-47520>,
CVE-2022-47519 <https://nvd.nist.gov/vuln/detail/CVE-2022-47519>,
CVE-2022-47518 <https://nvd.nist.gov/vuln/detail/CVE-2022-47518>,
CVE-2022-4662 <https://nvd.nist.gov/vuln/detail/CVE-2022-4662>,
CVE-2022-45934 <https://nvd.nist.gov/vuln/detail/CVE-2022-45934>,
CVE-2022-45919 <https://nvd.nist.gov/vuln/detail/CVE-2022-45919>,
CVE-2022-45887 <https://nvd.nist.gov/vuln/detail/CVE-2022-45887>,
CVE-2022-45886 <https://nvd.nist.gov/vuln/detail/CVE-2022-45886>,
CVE-2022-45869 <https://nvd.nist.gov/vuln/detail/CVE-2022-45869>,
CVE-2022-43945 <https://nvd.nist.gov/vuln/detail/CVE-2022-43945>,
CVE-2022-4382 <https://nvd.nist.gov/vuln/detail/CVE-2022-4382>,
CVE-2022-4379 <https://nvd.nist.gov/vuln/detail/CVE-2022-4379>,
CVE-2022-4378 <https://nvd.nist.gov/vuln/detail/CVE-2022-4378>,
CVE-2022-43750 <https://nvd.nist.gov/vuln/detail/CVE-2022-43750>,
CVE-2022-42896 <https://nvd.nist.gov/vuln/detail/CVE-2022-42896>,
CVE-2022-42895 <https://nvd.nist.gov/vuln/detail/CVE-2022-42895>,
CVE-2022-42722 <https://nvd.nist.gov/vuln/detail/CVE-2022-42722>,
CVE-2022-42721 <https://nvd.nist.gov/vuln/detail/CVE-2022-42721>,
CVE-2022-42720 <https://nvd.nist.gov/vuln/detail/CVE-2022-42720>,
CVE-2022-42719 <https://nvd.nist.gov/vuln/detail/CVE-2022-42719>,
CVE-2022-42703 <https://nvd.nist.gov/vuln/detail/CVE-2022-42703>,
CVE-2022-4269 <https://nvd.nist.gov/vuln/detail/CVE-2022-4269>,
CVE-2022-42432 <https://nvd.nist.gov/vuln/detail/CVE-2022-42432>,
CVE-2022-42329 <https://nvd.nist.gov/vuln/detail/CVE-2022-42329>,
CVE-2022-42328 <https://nvd.nist.gov/vuln/detail/CVE-2022-42328>,
CVE-2022-41858 <https://nvd.nist.gov/vuln/detail/CVE-2022-41858>,
CVE-2022-41850 <https://nvd.nist.gov/vuln/detail/CVE-2022-41850>,
CVE-2022-41849 <https://nvd.nist.gov/vuln/detail/CVE-2022-41849>,
CVE-2022-41674 <https://nvd.nist.gov/vuln/detail/CVE-2022-41674>,
CVE-2022-4139 <https://nvd.nist.gov/vuln/detail/CVE-2022-4139>,
CVE-2022-4128 <https://nvd.nist.gov/vuln/detail/CVE-2022-4128>,
CVE-2022-41218 <https://nvd.nist.gov/vuln/detail/CVE-2022-41218>,
CVE-2022-40982 <https://nvd.nist.gov/vuln/detail/CVE-2022-40982>,
CVE-2022-4095 <https://nvd.nist.gov/vuln/detail/CVE-2022-4095>,
CVE-2022-40768 <https://nvd.nist.gov/vuln/detail/CVE-2022-40768>,
CVE-2022-40307 <https://nvd.nist.gov/vuln/detail/CVE-2022-40307>,
CVE-2022-40133 <https://nvd.nist.gov/vuln/detail/CVE-2022-40133>,
CVE-2022-3977 <https://nvd.nist.gov/vuln/detail/CVE-2022-3977>,
CVE-2022-39190 <https://nvd.nist.gov/vuln/detail/CVE-2022-39190>,
CVE-2022-39189 <https://nvd.nist.gov/vuln/detail/CVE-2022-39189>,
CVE-2022-3910 <https://nvd.nist.gov/vuln/detail/CVE-2022-3910>,
CVE-2022-38457 <https://nvd.nist.gov/vuln/detail/CVE-2022-38457>,
CVE-2022-3707 <https://nvd.nist.gov/vuln/detail/CVE-2022-3707>,
CVE-2022-36946 <https://nvd.nist.gov/vuln/detail/CVE-2022-36946>,
CVE-2022-36879 <https://nvd.nist.gov/vuln/detail/CVE-2022-36879>,
CVE-2022-3649 <https://nvd.nist.gov/vuln/detail/CVE-2022-3649>,
CVE-2022-3646 <https://nvd.nist.gov/vuln/detail/CVE-2022-3646>,
CVE-2022-3643 <https://nvd.nist.gov/vuln/detail/CVE-2022-3643>,
CVE-2022-3640 <https://nvd.nist.gov/vuln/detail/CVE-2022-3640>,
CVE-2022-3635 <https://nvd.nist.gov/vuln/detail/CVE-2022-3635>,
CVE-2022-3630 <https://nvd.nist.gov/vuln/detail/CVE-2022-3630>,
CVE-2022-3629 <https://nvd.nist.gov/vuln/detail/CVE-2022-3629>,
CVE-2022-36280 <https://nvd.nist.gov/vuln/detail/CVE-2022-36280>,
CVE-2022-3628 <https://nvd.nist.gov/vuln/detail/CVE-2022-3628>,
CVE-2022-3625 <https://nvd.nist.gov/vuln/detail/CVE-2022-3625>,
CVE-2022-3623 <https://nvd.nist.gov/vuln/detail/CVE-2022-3623>,
CVE-2022-3621 <https://nvd.nist.gov/vuln/detail/CVE-2022-3621>,
CVE-2022-3619 <https://nvd.nist.gov/vuln/detail/CVE-2022-3619>,
CVE-2022-36123 <https://nvd.nist.gov/vuln/detail/CVE-2022-36123>,
CVE-2022-3595 <https://nvd.nist.gov/vuln/detail/CVE-2022-3595>,
CVE-2022-3594 <https://nvd.nist.gov/vuln/detail/CVE-2022-3594>,
CVE-2022-3586 <https://nvd.nist.gov/vuln/detail/CVE-2022-3586>,
CVE-2022-3577 <https://nvd.nist.gov/vuln/detail/CVE-2022-3577>,
CVE-2022-3565 <https://nvd.nist.gov/vuln/detail/CVE-2022-3565>,
CVE-2022-3564 <https://nvd.nist.gov/vuln/detail/CVE-2022-3564>,
CVE-2022-3543 <https://nvd.nist.gov/vuln/detail/CVE-2022-3543>,
CVE-2022-3541 <https://nvd.nist.gov/vuln/detail/CVE-2022-3541>,
CVE-2022-3534 <https://nvd.nist.gov/vuln/detail/CVE-2022-3534>,
CVE-2022-3526 <https://nvd.nist.gov/vuln/detail/CVE-2022-3526>,
CVE-2022-3524 <https://nvd.nist.gov/vuln/detail/CVE-2022-3524>,
CVE-2022-3521 <https://nvd.nist.gov/vuln/detail/CVE-2022-3521>,
CVE-2022-34918 <https://nvd.nist.gov/vuln/detail/CVE-2022-34918>,
CVE-2022-34495 <https://nvd.nist.gov/vuln/detail/CVE-2022-34495>,
CVE-2022-34494 <https://nvd.nist.gov/vuln/detail/CVE-2022-34494>,
CVE-2022-3435 <https://nvd.nist.gov/vuln/detail/CVE-2022-3435>,
CVE-2022-3424 <https://nvd.nist.gov/vuln/detail/CVE-2022-3424>,
CVE-2022-33981 <https://nvd.nist.gov/vuln/detail/CVE-2022-33981>,
CVE-2022-33744 <https://nvd.nist.gov/vuln/detail/CVE-2022-33744>,
CVE-2022-33743 <https://nvd.nist.gov/vuln/detail/CVE-2022-33743>,
CVE-2022-33742 <https://nvd.nist.gov/vuln/detail/CVE-2022-33742>,
CVE-2022-33741 <https://nvd.nist.gov/vuln/detail/CVE-2022-33741>,
CVE-2022-33740 <https://nvd.nist.gov/vuln/detail/CVE-2022-33740>,
CVE-2022-3344 <https://nvd.nist.gov/vuln/detail/CVE-2022-3344>,
CVE-2022-3303 <https://nvd.nist.gov/vuln/detail/CVE-2022-3303>,
CVE-2022-32981 <https://nvd.nist.gov/vuln/detail/CVE-2022-32981>,
CVE-2022-3239 <https://nvd.nist.gov/vuln/detail/CVE-2022-3239>,
CVE-2022-32296 <https://nvd.nist.gov/vuln/detail/CVE-2022-32296>,
CVE-2022-32250 <https://nvd.nist.gov/vuln/detail/CVE-2022-32250>,
CVE-2022-3202 <https://nvd.nist.gov/vuln/detail/CVE-2022-3202>,
CVE-2022-3169 <https://nvd.nist.gov/vuln/detail/CVE-2022-3169>,
CVE-2022-3115 <https://nvd.nist.gov/vuln/detail/CVE-2022-3115>,
CVE-2022-3113 <https://nvd.nist.gov/vuln/detail/CVE-2022-3113>,
CVE-2022-3112 <https://nvd.nist.gov/vuln/detail/CVE-2022-3112>,
CVE-2022-3111 <https://nvd.nist.gov/vuln/detail/CVE-2022-3111>,
CVE-2022-3110 <https://nvd.nist.gov/vuln/detail/CVE-2022-3110>,
CVE-2022-3108 <https://nvd.nist.gov/vuln/detail/CVE-2022-3108>,
CVE-2022-3107 <https://nvd.nist.gov/vuln/detail/CVE-2022-3107>,
CVE-2022-3105 <https://nvd.nist.gov/vuln/detail/CVE-2022-3105>,
CVE-2022-3104 <https://nvd.nist.gov/vuln/detail/CVE-2022-3104>,
CVE-2022-3078 <https://nvd.nist.gov/vuln/detail/CVE-2022-3078>,
CVE-2022-3077 <https://nvd.nist.gov/vuln/detail/CVE-2022-3077>,
CVE-2022-30594 <https://nvd.nist.gov/vuln/detail/CVE-2022-30594>,
CVE-2022-3028 <https://nvd.nist.gov/vuln/detail/CVE-2022-3028>,
CVE-2022-29968 <https://nvd.nist.gov/vuln/detail/CVE-2022-29968>,
CVE-2022-29901 <https://nvd.nist.gov/vuln/detail/CVE-2022-29901>,
CVE-2022-29900 <https://nvd.nist.gov/vuln/detail/CVE-2022-29900>,
CVE-2022-2978 <https://nvd.nist.gov/vuln/detail/CVE-2022-2978>,
CVE-2022-2977 <https://nvd.nist.gov/vuln/detail/CVE-2022-2977>,
CVE-2022-2964 <https://nvd.nist.gov/vuln/detail/CVE-2022-2964>,
CVE-2022-2959 <https://nvd.nist.gov/vuln/detail/CVE-2022-2959>,
CVE-2022-29582 <https://nvd.nist.gov/vuln/detail/CVE-2022-29582>,
CVE-2022-29581 <https://nvd.nist.gov/vuln/detail/CVE-2022-29581>,
CVE-2022-2938 <https://nvd.nist.gov/vuln/detail/CVE-2022-2938>,
CVE-2022-29156 <https://nvd.nist.gov/vuln/detail/CVE-2022-29156>,
CVE-2022-2905 <https://nvd.nist.gov/vuln/detail/CVE-2022-2905>,
CVE-2022-28893 <https://nvd.nist.gov/vuln/detail/CVE-2022-28893>,
CVE-2022-28796 <https://nvd.nist.gov/vuln/detail/CVE-2022-28796>,
CVE-2022-2873 <https://nvd.nist.gov/vuln/detail/CVE-2022-2873>,
CVE-2022-28390 <https://nvd.nist.gov/vuln/detail/CVE-2022-28390>,
CVE-2022-28389 <https://nvd.nist.gov/vuln/detail/CVE-2022-28389>,
CVE-2022-28388 <https://nvd.nist.gov/vuln/detail/CVE-2022-28388>,
CVE-2022-28356 <https://nvd.nist.gov/vuln/detail/CVE-2022-28356>,
CVE-2022-27950 <https://nvd.nist.gov/vuln/detail/CVE-2022-27950>,
CVE-2022-2785 <https://nvd.nist.gov/vuln/detail/CVE-2022-2785>,
CVE-2022-27672 <https://nvd.nist.gov/vuln/detail/CVE-2022-27672>,
CVE-2022-27666 <https://nvd.nist.gov/vuln/detail/CVE-2022-27666>,
CVE-2022-27223 <https://nvd.nist.gov/vuln/detail/CVE-2022-27223>,
CVE-2022-26966 <https://nvd.nist.gov/vuln/detail/CVE-2022-26966>,
CVE-2022-2663 <https://nvd.nist.gov/vuln/detail/CVE-2022-2663>,
CVE-2022-26490 <https://nvd.nist.gov/vuln/detail/CVE-2022-26490>,
CVE-2022-2639 <https://nvd.nist.gov/vuln/detail/CVE-2022-2639>,
CVE-2022-26373 <https://nvd.nist.gov/vuln/detail/CVE-2022-26373>,
CVE-2022-26365 <https://nvd.nist.gov/vuln/detail/CVE-2022-26365>,
CVE-2022-2602 <https://nvd.nist.gov/vuln/detail/CVE-2022-2602>,
CVE-2022-2590 <https://nvd.nist.gov/vuln/detail/CVE-2022-2590>,
CVE-2022-2588 <https://nvd.nist.gov/vuln/detail/CVE-2022-2588>,
CVE-2022-2586 <https://nvd.nist.gov/vuln/detail/CVE-2022-2586>,
CVE-2022-2585 <https://nvd.nist.gov/vuln/detail/CVE-2022-2585>,
CVE-2022-25636 <https://nvd.nist.gov/vuln/detail/CVE-2022-25636>,
CVE-2022-25375 <https://nvd.nist.gov/vuln/detail/CVE-2022-25375>,
CVE-2022-25258 <https://nvd.nist.gov/vuln/detail/CVE-2022-25258>,
CVE-2022-2503 <https://nvd.nist.gov/vuln/detail/CVE-2022-2503>,
CVE-2022-24959 <https://nvd.nist.gov/vuln/detail/CVE-2022-24959>,
CVE-2022-24958 <https://nvd.nist.gov/vuln/detail/CVE-2022-24958>,
CVE-2022-24448 <https://nvd.nist.gov/vuln/detail/CVE-2022-24448>,
CVE-2022-23960 <https://nvd.nist.gov/vuln/detail/CVE-2022-23960>,
CVE-2022-2380 <https://nvd.nist.gov/vuln/detail/CVE-2022-2380>,
CVE-2022-23222 <https://nvd.nist.gov/vuln/detail/CVE-2022-23222>,
CVE-2022-2318 <https://nvd.nist.gov/vuln/detail/CVE-2022-2318>,
CVE-2022-2308 <https://nvd.nist.gov/vuln/detail/CVE-2022-2308>,
CVE-2022-23042 <https://nvd.nist.gov/vuln/detail/CVE-2022-23042>,
CVE-2022-23041 <https://nvd.nist.gov/vuln/detail/CVE-2022-23041>,
CVE-2022-23040 <https://nvd.nist.gov/vuln/detail/CVE-2022-23040>,
CVE-2022-23039 <https://nvd.nist.gov/vuln/detail/CVE-2022-23039>,
CVE-2022-23038 <https://nvd.nist.gov/vuln/detail/CVE-2022-23038>,
CVE-2022-23037 <https://nvd.nist.gov/vuln/detail/CVE-2022-23037>,
CVE-2022-23036 <https://nvd.nist.gov/vuln/detail/CVE-2022-23036>,
CVE-2022-22942 <https://nvd.nist.gov/vuln/detail/CVE-2022-22942>,
CVE-2022-2196 <https://nvd.nist.gov/vuln/detail/CVE-2022-2196>,
CVE-2022-2153 <https://nvd.nist.gov/vuln/detail/CVE-2022-2153>,
CVE-2022-21505 <https://nvd.nist.gov/vuln/detail/CVE-2022-21505>,
CVE-2022-21499 <https://nvd.nist.gov/vuln/detail/CVE-2022-21499>,
CVE-2022-21166 <https://nvd.nist.gov/vuln/detail/CVE-2022-21166>,
CVE-2022-21125 <https://nvd.nist.gov/vuln/detail/CVE-2022-21125>,
CVE-2022-21123 <https://nvd.nist.gov/vuln/detail/CVE-2022-21123>,
CVE-2022-2078 <https://nvd.nist.gov/vuln/detail/CVE-2022-2078>,
CVE-2022-20572 <https://nvd.nist.gov/vuln/detail/CVE-2022-20572>,
CVE-2022-20566 <https://nvd.nist.gov/vuln/detail/CVE-2022-20566>,
CVE-2022-20423 <https://nvd.nist.gov/vuln/detail/CVE-2022-20423>,
CVE-2022-20422 <https://nvd.nist.gov/vuln/detail/CVE-2022-20422>,
CVE-2022-20421 <https://nvd.nist.gov/vuln/detail/CVE-2022-20421>,
CVE-2022-20369 <https://nvd.nist.gov/vuln/detail/CVE-2022-20369>,
CVE-2022-20368 <https://nvd.nist.gov/vuln/detail/CVE-2022-20368>,
CVE-2022-20158 <https://nvd.nist.gov/vuln/detail/CVE-2022-20158>,
CVE-2022-20008 <https://nvd.nist.gov/vuln/detail/CVE-2022-20008>,
CVE-2022-1998 <https://nvd.nist.gov/vuln/detail/CVE-2022-1998>,
CVE-2022-1976 <https://nvd.nist.gov/vuln/detail/CVE-2022-1976>,
CVE-2022-1975 <https://nvd.nist.gov/vuln/detail/CVE-2022-1975>,
CVE-2022-1974 <https://nvd.nist.gov/vuln/detail/CVE-2022-1974>,
CVE-2022-1973 <https://nvd.nist.gov/vuln/detail/CVE-2022-1973>,
CVE-2022-1943 <https://nvd.nist.gov/vuln/detail/CVE-2022-1943>,
CVE-2022-1882 <https://nvd.nist.gov/vuln/detail/CVE-2022-1882>,
CVE-2022-1852 <https://nvd.nist.gov/vuln/detail/CVE-2022-1852>,
CVE-2022-1789 <https://nvd.nist.gov/vuln/detail/CVE-2022-1789>,
CVE-2022-1734 <https://nvd.nist.gov/vuln/detail/CVE-2022-1734>,
CVE-2022-1729 <https://nvd.nist.gov/vuln/detail/CVE-2022-1729>,
CVE-2022-1679 <https://nvd.nist.gov/vuln/detail/CVE-2022-1679>,
CVE-2022-1671 <https://nvd.nist.gov/vuln/detail/CVE-2022-1671>,
CVE-2022-1652 <https://nvd.nist.gov/vuln/detail/CVE-2022-1652>,
CVE-2022-1651 <https://nvd.nist.gov/vuln/detail/CVE-2022-1651>,
CVE-2022-1516 <https://nvd.nist.gov/vuln/detail/CVE-2022-1516>,
CVE-2022-1462 <https://nvd.nist.gov/vuln/detail/CVE-2022-1462>,
CVE-2022-1353 <https://nvd.nist.gov/vuln/detail/CVE-2022-1353>,
CVE-2022-1263 <https://nvd.nist.gov/vuln/detail/CVE-2022-1263>,
CVE-2022-1205 <https://nvd.nist.gov/vuln/detail/CVE-2022-1205>,
CVE-2022-1204 <https://nvd.nist.gov/vuln/detail/CVE-2022-1204>,
CVE-2022-1199 <https://nvd.nist.gov/vuln/detail/CVE-2022-1199>,
CVE-2022-1198 <https://nvd.nist.gov/vuln/detail/CVE-2022-1198>,
CVE-2022-1184 <https://nvd.nist.gov/vuln/detail/CVE-2022-1184>,
CVE-2022-1158 <https://nvd.nist.gov/vuln/detail/CVE-2022-1158>,
CVE-2022-1055 <https://nvd.nist.gov/vuln/detail/CVE-2022-1055>,
CVE-2022-1048 <https://nvd.nist.gov/vuln/detail/CVE-2022-1048>,
CVE-2022-1016 <https://nvd.nist.gov/vuln/detail/CVE-2022-1016>,
CVE-2022-1015 <https://nvd.nist.gov/vuln/detail/CVE-2022-1015>,
CVE-2022-1012 <https://nvd.nist.gov/vuln/detail/CVE-2022-1012>,
CVE-2022-1011 <https://nvd.nist.gov/vuln/detail/CVE-2022-1011>,
CVE-2022-0995 <https://nvd.nist.gov/vuln/detail/CVE-2022-0995>,
CVE-2022-0847 <https://nvd.nist.gov/vuln/detail/CVE-2022-0847>,
CVE-2022-0742 <https://nvd.nist.gov/vuln/detail/CVE-2022-0742>,
CVE-2022-0617 <https://nvd.nist.gov/vuln/detail/CVE-2022-0617>,
CVE-2022-0516 <https://nvd.nist.gov/vuln/detail/CVE-2022-0516>,
CVE-2022-0500 <https://nvd.nist.gov/vuln/detail/CVE-2022-0500>,
CVE-2022-0494 <https://nvd.nist.gov/vuln/detail/CVE-2022-0494>,
CVE-2022-0492 <https://nvd.nist.gov/vuln/detail/CVE-2022-0492>,
CVE-2022-0487 <https://nvd.nist.gov/vuln/detail/CVE-2022-0487>,
CVE-2022-0435 <https://nvd.nist.gov/vuln/detail/CVE-2022-0435>,
CVE-2022-0433 <https://nvd.nist.gov/vuln/detail/CVE-2022-0433>,
CVE-2022-0382 <https://nvd.nist.gov/vuln/detail/CVE-2022-0382>,
CVE-2022-0330 <https://nvd.nist.gov/vuln/detail/CVE-2022-0330>,
CVE-2022-0185 <https://nvd.nist.gov/vuln/detail/CVE-2022-0185>,
CVE-2022-0168 <https://nvd.nist.gov/vuln/detail/CVE-2022-0168>,
CVE-2022-0002 <https://nvd.nist.gov/vuln/detail/CVE-2022-0002>,
CVE-2022-0001 <https://nvd.nist.gov/vuln/detail/CVE-2022-0001>,
CVE-2021-45469 <https://nvd.nist.gov/vuln/detail/CVE-2021-45469>,
CVE-2021-44879 <https://nvd.nist.gov/vuln/detail/CVE-2021-44879>,
CVE-2021-43976 <https://nvd.nist.gov/vuln/detail/CVE-2021-43976>,
CVE-2021-4197 <https://nvd.nist.gov/vuln/detail/CVE-2021-4197>,
CVE-2021-4155 <https://nvd.nist.gov/vuln/detail/CVE-2021-4155>,
CVE-2021-3923 <https://nvd.nist.gov/vuln/detail/CVE-2021-3923>,
CVE-2021-33655 <https://nvd.nist.gov/vuln/detail/CVE-2021-33655>,
CVE-2021-33135 <https://nvd.nist.gov/vuln/detail/CVE-2021-33135>,
CVE-2021-26401 <https://nvd.nist.gov/vuln/detail/CVE-2021-26401>,
CVE-2020-36516 <https://nvd.nist.gov/vuln/detail/CVE-2020-36516>))
- Go (CVE-2023-39323 <https://nvd.nist.gov/vuln/detail/CVE-2023-39323>,
CVE-2023-39322 <https://nvd.nist.gov/vuln/detail/CVE-2023-39322>,
CVE-2023-39321 <https://nvd.nist.gov/vuln/detail/CVE-2023-39321>,
CVE-2023-39320 <https://nvd.nist.gov/vuln/detail/CVE-2023-39320>,
CVE-2023-39319 <https://nvd.nist.gov/vuln/detail/CVE-2023-39319>,
CVE-2023-39318 <https://nvd.nist.gov/vuln/detail/CVE-2023-39318>,
CVE-2023-29409 <https://nvd.nist.gov/vuln/detail/CVE-2023-29409>,
CVE-2023-29406 <https://nvd.nist.gov/vuln/detail/CVE-2023-29406>,
CVE-2023-29405 <https://nvd.nist.gov/vuln/detail/CVE-2023-29405>,
CVE-2023-29404 <https://nvd.nist.gov/vuln/detail/CVE-2023-29404>,
CVE-2023-29403 <https://nvd.nist.gov/vuln/detail/CVE-2023-29403>,
CVE-2023-29402 <https://nvd.nist.gov/vuln/detail/CVE-2023-29402>)
- OpenSSL (CVE-2023-3446 <https://nvd.nist.gov/vuln/detail/CVE-2023-3446>,
CVE-2023-2975 <https://nvd.nist.gov/vuln/detail/CVE-2023-2975>,
CVE-2023-2650 <https://nvd.nist.gov/vuln/detail/CVE-2023-2650>)
- Python (CVE-2023-41105
<https://nvd.nist.gov/vuln/detail/CVE-2023-41105>, CVE-2023-40217
<https://nvd.nist.gov/vuln/detail/CVE-2023-40217>)
- SDK: Rust (CVE-2023-38497
<https://nvd.nist.gov/vuln/detail/CVE-2023-38497>)
- VMware: open-vm-tools (CVE-2023-20900
<https://nvd.nist.gov/vuln/detail/CVE-2023-20900>, CVE-2023-20867
<https://nvd.nist.gov/vuln/detail/CVE-2023-20867>)
- binutils (CVE-2023-1579
<https://nvd.nist.gov/vuln/detail/CVE-2023-1579>, CVE-2022-4285
<https://nvd.nist.gov/vuln/detail/CVE-2022-4285>, CVE-2022-38533
<https://nvd.nist.gov/vuln/detail/CVE-2022-38533>)
- c-ares (CVE-2023-32067
<https://nvd.nist.gov/vuln/detail/CVE-2023-32067>, CVE-2023-31147
<https://nvd.nist.gov/vuln/detail/CVE-2023-31147>, CVE-2023-31130
<https://nvd.nist.gov/vuln/detail/CVE-2023-31130>, CVE-2023-31124
<https://nvd.nist.gov/vuln/detail/CVE-2023-31124>)
- curl (CVE-2023-38546 <https://nvd.nist.gov/vuln/detail/CVE-2023-38546>
, CVE-2023-38545 <https://nvd.nist.gov/vuln/detail/CVE-2023-38545>,
CVE-2023-38039 <https://nvd.nist.gov/vuln/detail/CVE-2023-38039>,
CVE-2023-28322 <https://nvd.nist.gov/vuln/detail/CVE-2023-28322>,
CVE-2023-28321 <https://nvd.nist.gov/vuln/detail/CVE-2023-28321>,
CVE-2023-28320 <https://nvd.nist.gov/vuln/detail/CVE-2023-28320>,
CVE-2023-28319 <https://nvd.nist.gov/vuln/detail/CVE-2023-28319>)
- git (CVE-2023-29007 <https://nvd.nist.gov/vuln/detail/CVE-2023-29007>,
CVE-2023-25815 <https://nvd.nist.gov/vuln/detail/CVE-2023-25815>,
CVE-2023-25652 <https://nvd.nist.gov/vuln/detail/CVE-2023-25652>)
- glibc (CVE-2023-4911 <https://nvd.nist.gov/vuln/detail/CVE-2023-4911>,
CVE-2023-4806 <https://nvd.nist.gov/vuln/detail/CVE-2023-4806>,
CVE-2023-4527 <https://nvd.nist.gov/vuln/detail/CVE-2023-4527>)
- go (CVE-2023-39325 <https://nvd.nist.gov/vuln/detail/CVE-2023-39325>)
- grub (CVE-2023-4693 <https://nvd.nist.gov/vuln/detail/CVE-2023-4693>,
CVE-2023-4692 <https://nvd.nist.gov/vuln/detail/CVE-2023-4692>,
CVE-2022-3775 <https://nvd.nist.gov/vuln/detail/CVE-2022-3775>,
CVE-2022-28737 <https://nvd.nist.gov/vuln/detail/CVE-2022-28737>,
CVE-2022-28736 <https://nvd.nist.gov/vuln/detail/CVE-2022-28736>,
CVE-2022-28735 <https://nvd.nist.gov/vuln/detail/CVE-2022-28735>,
CVE-2022-28734 <https://nvd.nist.gov/vuln/detail/CVE-2022-28734>,
CVE-2022-28733 <https://nvd.nist.gov/vuln/detail/CVE-2022-28733>,
CVE-2022-2601 <https://nvd.nist.gov/vuln/detail/CVE-2022-2601>,
CVE-2021-3981 <https://nvd.nist.gov/vuln/detail/CVE-2021-3981>,
CVE-2021-3697 <https://nvd.nist.gov/vuln/detail/CVE-2021-3697>,
CVE-2021-3696 <https://nvd.nist.gov/vuln/detail/CVE-2021-3696>,
CVE-2021-3695 <https://nvd.nist.gov/vuln/detail/CVE-2021-3695>,
CVE-2021-20233 <https://nvd.nist.gov/vuln/detail/CVE-2021-20233>,
CVE-2021-20225 <https://nvd.nist.gov/vuln/detail/CVE-2021-20225>,
CVE-2020-27779 <https://nvd.nist.gov/vuln/detail/CVE-2020-27779>,
CVE-2020-27749 <https://nvd.nist.gov/vuln/detail/CVE-2020-27749>,
CVE-2020-25647 <https://nvd.nist.gov/vuln/detail/CVE-2020-25647>,
CVE-2020-25632 <https://nvd.nist.gov/vuln/detail/CVE-2020-25632>,
CVE-2020-14372 <https://nvd.nist.gov/vuln/detail/CVE-2020-14372>,
CVE-2020-10713 <https://nvd.nist.gov/vuln/detail/CVE-2020-10713>)
- intel-microcode (CVE-2023-23908
<https://nvd.nist.gov/vuln/detail/CVE-2023-23908>, CVE-2022-41804
<https://nvd.nist.gov/vuln/detail/CVE-2022-41804>, CVE-2022-40982
<https://nvd.nist.gov/vuln/detail/CVE-2022-40982>)
- libarchive (libarchive-20230729
<https://github.com/libarchive/libarchive/releases/tag/v3.7.1>)
- libcap (CVE-2023-2603 <https://nvd.nist.gov/vuln/detail/CVE-2023-2603>
, CVE-2023-2602 <https://nvd.nist.gov/vuln/detail/CVE-2023-2602>)
- libmicrohttpd (CVE-2023-27371
<https://nvd.nist.gov/vuln/detail/CVE-2023-27371>)
- libtirpc (libtirpc-rhbg-2224666
<http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1d2e10afb2ffc35cb3623f57a15f712359f18e75>
, libtirpc-rhbg-2150611
<http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=f7f0abdf267698de3f74a0285405b1b01f40893b>
, libtirpc-rhbg-2138317
<http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=4a2d85c64110ee9e21a8c4f9dafd6b0ae621506d>
)
- libxml2 (libxml2-20230428
<https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4>)
- lua (CVE-2022-33099 <https://nvd.nist.gov/vuln/detail/CVE-2022-33099>)
- mit-krb5 (CVE-2023-36054
<https://nvd.nist.gov/vuln/detail/CVE-2023-36054>)
- ncurses (CVE-2023-29491
<https://nvd.nist.gov/vuln/detail/CVE-2023-29491>)
- nvidia-drivers (CVE-2023-25516
<https://nvd.nist.gov/vuln/detail/CVE-2023-25516>, CVE-2023-25515
<https://nvd.nist.gov/vuln/detail/CVE-2023-25515>)
- openldap (CVE-2023-2953
<https://nvd.nist.gov/vuln/detail/CVE-2023-2953>)
- procps (CVE-2023-4016 <https://nvd.nist.gov/vuln/detail/CVE-2023-4016>)
- protobuf (CVE-2022-1941
<https://nvd.nist.gov/vuln/detail/CVE-2022-1941>)
- qemu (CVE-2023-2861 <https://nvd.nist.gov/vuln/detail/CVE-2023-2861>,
CVE-2023-0330 <https://nvd.nist.gov/vuln/detail/CVE-2023-0330>)
- samba (CVE-2022-1615 <https://nvd.nist.gov/vuln/detail/CVE-2022-1615>,
CVE-2021-44142 <https://nvd.nist.gov/vuln/detail/CVE-2021-44142>)
- shadow (CVE-2023-29383
<https://nvd.nist.gov/vuln/detail/CVE-2023-29383>)
- sudo (CVE-2023-28487 <https://nvd.nist.gov/vuln/detail/CVE-2023-28487>
, CVE-2023-28486 <https://nvd.nist.gov/vuln/detail/CVE-2023-28486>,
CVE-2023-27320 <https://nvd.nist.gov/vuln/detail/CVE-2023-27320>)
- torcx (CVE-2022-28948 <https://nvd.nist.gov/vuln/detail/CVE-2022-28948>
)
- vim (CVE-2023-2610 <https://nvd.nist.gov/vuln/detail/CVE-2023-2610>,
CVE-2023-2609 <https://nvd.nist.gov/vuln/detail/CVE-2023-2609>,
CVE-2023-2426 <https://nvd.nist.gov/vuln/detail/CVE-2023-2426>)

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Bug-fixes3>Bug fixes

- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307
<https://github.com/flatcar/Flatcar/issues/1307>)
- Added AWS EKS support for versions 1.24-1.28. Fixed
/usr/share/amazon/eks/download-kubelet.sh to include download paths for
these versions. (scripts#1210
<https://github.com/flatcar/scripts/pull/1210>)
- Fixed the RemainAfterExit clause in nvidia.service (Flatcar#1169
<https://github.com/flatcar/Flatcar/issues/1169>)
- Fixed a bug resulting in coreos-cloudinit resetting the instance
hostname to ‘localhost’ if no metadata could be found (
coreos-cloudinit#25 <https://github.com/flatcar/coreos-cloudinit/pull/25>
, Flatcar#1262 <https://github.com/flatcar/Flatcar/issues/1262>), with
contributions from MichaelEischer <https://github.com/MichaelEischer>
- Fixed a bug in handling renamed network interfaces when generating the
login issue (init#102 <https://github.com/flatcar/init/pull/102>)
- Fixed iteration over the OEM update payload signatures, which had
prevented the AWS OEM update to 3745.x.y (update-engine#31
<https://github.com/flatcar/update_engine/pull/31>)
- Fixed quotes handling for update-engine (Flatcar#1209
<https://github.com/flatcar/Flatcar/issues/1209>)
- Fixed supplying extension update payloads with a custom base URL in
Nebraska (Flatcar#1281 <https://github.com/flatcar/Flatcar/issues/1281>)
- Fixed the missing /etc/extensions/ symlinks for the built-in
Docker/containerd systemd-sysext images on update from Beta 3760.1.0 (
update_engine#32 <https://github.com/flatcar/update_engine/pull/32>)
- Fixed the postinstall hook failure when updating from Azure instances
without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (
update_engine#29 <https://github.com/flatcar/update_engine/pull/29>)
- GCP: Fixed OS Login enabling (scripts#1445
<https://github.com/flatcar/scripts/pull/1445>)
- Made sshkeys.service more robust: it now runs
coreos-meta...@core.service only when that unit is not masked, and
retries on failure (init#112 <https://github.com/flatcar/init/pull/112>)

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Changes2>Changes

- Warning: Dropped support for niftycloud and interoute. For interoute we
haven’t been generating the images for some time already. (scripts#971
<https://github.com/flatcar/scripts/pull/971>)
- AWS OEM images now use a systemd-sysext image for layering additional
platform-specific software on top of /usr.
- Added the TLS kernel module (scripts#865
<https://github.com/flatcar/scripts/pull/865>)
- Added support for multipart MIME userdata in coreos-cloudinit.
Ignition now detects multipart userdata and delegates execution to
coreos-cloudinit. (scripts#873)
- Azure and QEMU OEM images now use systemd-sysext images for layering
additional platform-specific software on top of /usr. For Azure images
this also means that the image has a normal Python installation available
through the sysext image. The OEM software is still not updated but this
will be added soon.
- Changed nvidia.service to Type=oneshot (from the default “simple”) so
that subsequent services ordered with “Requires/After” run only after the
driver installation has finished successfully (flatcar/Flatcar#1136)
- Enabled the virtio GPU driver (scripts#830
<https://github.com/flatcar/scripts/pull/830>)
- Migrated containerd.service to Type=notify, using the existing
containerd support for the sd_notify call that signals readiness after
socket setup.
- Migrated the NVIDIA installer from the Azure/AWS OEM partition to /usr to
make it available on all platforms (scripts#932
<https://github.com/flatcar/scripts/pull/932/>, Flatcar#1077
<https://github.com/flatcar/Flatcar/issues/1077>)
- Moved the mountpoint of the OEM partition from /usr/share/oem to /oem.
/usr/share/oem became a symlink to /oem for backward compatibility.
Despite the move, the initrd images providing files through
/usr/share/oem should keep using /usr/share/oem. The move was done to
enable activating the OEM sysext images that are placed in the OEM
partition.
- OEM vendor tools are now A/B updated if they are shipped as
systemd-sysext images; the migration happens when both partitions require
a systemd-sysext OEM image. Note that on Azure this deletes nvidia.service
from /etc because it is now part of /usr (Flatcar#60
<https://github.com/flatcar/Flatcar/issues/60>)
- Reworked the VMware OEM software to be shipped as an A/B-updated
systemd-sysext image.
- SDK: Experimental support for prefix builds
<https://github.com/flatcar/scripts/blob/main/PREFIX.md> to create
distro-independent, portable, self-contained applications with all
dependencies included. With contributions from chewi
<https://github.com/chewi> and HappyTobi <https://github.com/HappyTobi>.
- Started shipping default ssh client and ssh daemon configs in
/etc/ssh/ssh_config and /etc/ssh/sshd_config which include config
snippets in /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d,
respectively.
- The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse,
udev rules, PAM and vgauth.
- Updated locksmith to use non-deprecated resource control options in
the systemd unit (Locksmith#20
<https://github.com/flatcar/locksmith/pull/20>)

<https://hackmd.io/stjMbwGHQqyH8_PNPoCafQ?both#Updates3>Updates

- Linux (6.1.73 <https://lwn.net/Articles/958343> (includes 6.1.72
<https://lwn.net/Articles/957376>, 6.1.71
<https://lwn.net/Articles/957009>, 6.1.70
<https://lwn.net/Articles/956526>, 6.1.69
<https://lwn.net/Articles/955814>, 6.1.68
<https://lwn.net/Articles/954989>, 6.1.67
<https://lwn.net/Articles/954455>, 6.1.66
<https://lwn.net/Articles/954112>, 6.1.65
<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.65>
, 6.1.64 <https://lwn.net/Articles/953132>, 6.1.63
<https://lwn.net/Articles/952003>, 6.1.62
<https://lwn.net/Articles/950700>, 6.1.61
<https://lwn.net/Articles/949826>, 6.1.60
<https://lwn.net/Articles/948817>, 6.1.59
<https://lwn.net/Articles/948299>, 6.1.58
<https://lwn.net/Articles/947820>, 6.1.57
<https://lwn.net/Articles/947298>, 6.1.56
<https://lwn.net/Articles/946854>, 6.1.55
<https://lwn.net/Articles/945379>, 6.1.54
<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.1.54>
, 6.1.53 <https://lwn.net/Articles/944358>, 6.1.52
<https://lwn.net/Articles/943754>, 6.1.51
<https://lwn.net/Articles/943403>, 6.1.50
<https://lwn.net/Articles/943112>, 6.1.49
<https://lwn.net/Articles/942880>, 6.1.48
<https://lwn.net/Articles/942865>, 6.1.47
<https://lwn.net/Articles/942531>, 6.1.46
<https://lwn.net/Articles/941774>, 6.1.45
<https://lwn.net/Articles/941273>, 6.1.44
<https://lwn.net/Articles/940800>, 6.1.43
<https://lwn.net/Articles/940338>, 6.1.42
<https://lwn.net/Articles/939423>, 6.1.41
<https://lwn.net/Articles/939103>, 6.1.40
<https://lwn.net/Articles/939015>, 6.1.39
<https://lwn.net/Articles/938619>, 6.1.38
<https://lwn.net/Articles/937403>, 6.1.37
<https://lwn.net/Articles/937082>, 6.1.36
<https://lwn.net/Articles/936674>, 6.1.35
<https://lwn.net/Articles/935588>, 6.1.34
<https://lwn.net/Articles/934623>, 6.1.33
<https://lwn.net/Articles/934319>, 6.1.32
<https://lwn.net/Articles/933908>, 6.1.31
<https://lwn.net/Articles/933281>, 6.1.30
<https://lwn.net/Articles/932882>, 6.1.29
<https://lwn.net/Articles/932133>, 6.1.28
<https://lwn.net/Articles/931651>, 6.1.27
<https://lwn.net/Articles/930597/>, 6.1
<https://kernelnewbies.org/Linux_6.1>))
- Linux Firmware (20230919
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230919>
(includes 20230804
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230804>
, 20230625
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230625>
, 20230515
<https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20230515>
))
- AWS: amazon-ssm-agent (3.2.985.0
<https://github.com/aws/amazon-ssm-agent/releases/tag/3.2.985.0>)
- Go (1.20.9 <https://go.dev/doc/devel/release#go1.20.9> (includes 1.20.8
<https://go.dev/doc/devel/release#go1.20.8>, 1.20.7
<https://go.dev/doc/devel/release#go1.20.7>, 1.20.6
<https://go.dev/doc/devel/release#go1.20.6>, 1.20.5
<https://go.dev/doc/devel/release#go1.20.5>, 1.20.4
<https://go.dev/doc/devel/release#go1.20.4>, 1.20.10
<https://go.dev/doc/devel/release#go1.20.10>, 1.19.13
<https://go.dev/doc/devel/release#go1.19.13>, 1.19.12
<https://go.dev/doc/devel/release#go1.19.12>, 1.19.11
<https://go.dev/doc/devel/release#go1.19.11>, 1.19.10
<https://go.dev/doc/devel/release#go1.19.10>))
- OpenSSL (3.0.9
<https://github.com/openssl/openssl/blob/openssl-3.0.9/NEWS.md#major-changes-between-openssl-308-and-openssl-309-30-may-2023>
)
- SDK: Rust (1.72.1
<https://github.com/rust-lang/rust/releases/tag/1.72.1> (includes 1.72.0
<https://github.com/rust-lang/rust/releases/tag/1.72.0>, 1.71.1
<https://github.com/rust-lang/rust/releases/tag/1.71.1>, 1.71.0
<https://github.com/rust-lang/rust/releases/tag/1.71.0>, 1.70.0
<https://github.com/rust-lang/rust/releases/tag/1.70.0>))
- SDK: file (5.45 <https://github.com/file/file/blob/FILE5_45/ChangeLog>)
- SDK: gnuconfig (20230731
<https://git.savannah.gnu.org/cgit/config.git/log/?id=d4e37b5868ef910e3e52744c34408084bb13051c>
)
- SDK: libxslt (1.1.38
<https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.38>)
- SDK: man-db (2.11.2 <https://gitlab.com/man-db/man-db/-/tags/2.11.2>)
- SDK: man-pages (6.03
<https://lore.kernel.org/lkml/d56662b2-538c-7252...@gmail.com/T/>
)
- SDK: pahole (1.25
<https://github.com/acmel/dwarves/blob/master/changes-v1.25>)
- SDK: perf (6.3
<https://kernelnewbies.org/LinuxChanges#Linux_6.3.Tracing.2C_perf_and_BPF>
)
- SDK: perl (5.36.1 <https://perldoc.perl.org/perl5361delta>)
- SDK: portage (3.0.49
<https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49>
(includes 3.0.49
<https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.49>,
3.0.46
<https://gitweb.gentoo.org/proj/portage.git/tree/NEWS?h=portage-3.0.46>))
- SDK: python (3.11.5
<https://www.python.org/downloads/release/python-3115/> (includes 3.11.3
<https://www.python.org/downloads/release/python-3113/>, 3.10.12
<https://www.python.org/downloads/release/python-31012/>, 3.10.11
<https://www.python.org/downloads/release/python-31011/>))
- SDK: qemu (8.0.4 <https://wiki.qemu.org/ChangeLog/8.0> (includes 8.0.3
<https://wiki.qemu.org/ChangeLog/8.0>, 7.2.3
<https://wiki.qemu.org/ChangeLog/7.2>))
- SDK: qemu-guest-agent (8.0.3
<https://wiki.qemu.org/ChangeLog/8.0#Guest_agent> (includes 8.0.0
<https://wiki.qemu.org/ChangeLog/8.0#Guest_agent>))
- VMware: libdnet (1.16.2
<https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16.2> (includes
1.16 <https://github.com/ofalk/libdnet/releases/tag/libdnet-1.16>))
- VMware: open-vm-tools (12.3.0
<https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0>
(includes 12.2.5
<https://github.com/vmware/open-vm-tools/releases/tag/stable-12.2.5>))
- XZ Utils (5.4.3
<https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;h=2f4d35adca6198671434d2988803cc9316ad1ec8;hb=dbb3a536ed9873ffa0870321f6873e564c6a9da8>
)
- afterburn (5.5.0
<https://github.com/coreos/afterburn/releases/tag/v5.5.0>)
- bind-tools (9.16.42
<https://bind9.readthedocs.io/en/v9.16.42/notes.html#notes-for-bind-9-16-42>
(includes 9.16.41
<https://bind9.readthedocs.io/en/v9.16.41/notes.html#notes-for-bind-9-16-41>
))
- binutils (2.40
<https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html>)
- bpftool (6.3
<https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/tools/bpf/bpftool?h=v6.3>
)
- c-ares (1.19.1
<https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1>)
- cJSON (1.7.16
<https://github.com/DaveGamble/cJSON/releases/tag/v1.7.16>)
- ca-certificates (3.96.1
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html>
(includes 3.96
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html>
))
- checkpolicy (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- cifs-utils (7.0
<https://lists.samba.org/archive/samba-technical/2022-August/137528.html>
)
- containerd (1.7.7
<https://github.com/containerd/containerd/releases/tag/v1.7.7> (includes
1.7.6 <https://github.com/containerd/containerd/releases/tag/v1.7.6>,
1.7.5 <https://github.com/containerd/containerd/releases/tag/v1.7.5>,
1.7.4 <https://github.com/containerd/containerd/releases/tag/v1.7.4>,
1.7.3 <https://github.com/containerd/containerd/releases/tag/v1.7.3>,
1.7.2 <https://github.com/containerd/containerd/releases/tag/v1.7.2>))
- coreutils (9.3
<https://lists.gnu.org/archive/html/info-gnu/2023-04/msg00006.html>
(includes 9.1
<https://git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?h=v9.1>))
- cryptsetup (2.6.1
<https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.1/docs/v2.6.1-ReleaseNotes>
(includes 2.6.0
<https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.6.0/docs/v2.6.0-ReleaseNotes>
, 2.5.0
<https://gitlab.com/cryptsetup/cryptsetup/-/blob/v2.5.0/docs/v2.5.0-ReleaseNotes>
))
- curl (8.4.0 <https://curl.se/changes.html#8_4_0> (includes 8.3.0
<https://curl.se/changes.html#8_3_0>, 8.2.1
<https://curl.se/changes.html#8_2_1>, 8.2.0
<https://curl.se/changes.html#8_2_0>, 8.1.2
<https://curl.se/changes.html#8_1_2>, 8.1.0
<https://curl.se/changes.html#8_1_0>))
- debianutils (5.7
<https://metadata.ftp-master.debian.org/changelogs//main/d/debianutils/debianutils_5.7-0.4_changelog>
)
- diffutils (3.10
<https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00009.html>)
- elfutils (0.189
<https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html>)
- ethtool (6.4
<https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.4>
(includes 6.3
<https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/?id=7bdf78f0d2a9ae1571fe9444e552490130e573fd>
, 6.2
<https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/NEWS?h=v6.2>
))
- gawk (5.2.2
<https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00008.html>)
- gcc (13.2 <https://gcc.gnu.org/gcc-13/changes.html>)
- gdb (13.2
<https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00011.html>)
- gdbm (1.23
<https://lists.gnu.org/archive/html/info-gnu/2022-02/msg00004.html>)
- git (2.41.0 <https://lore.kernel.org/git/xmqqleh3a3wm.fsf@gitster.g/>
(includes 2.39.3
<https://github.com/git/git/blob/v2.39.3/Documentation/RelNotes/2.39.3.txt>
))
- glib (2.76.4 <https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.4>
(includes 2.76.3 <https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.3>
, 2.76.2 <https://gitlab.gnome.org/GNOME/glib/-/releases/2.76.2>))
- glibc (2.37
<https://sourceware.org/git/?p=glibc.git;a=tag;h=refs/tags/glibc-2.37>)
- gmp (6.3.0 <https://gmplib.org/gmp6.3>)
- gptfdisk (1.0.9
<https://sourceforge.net/p/gptfdisk/code/ci/1d46f3723bc25f5598266f7d9a3548af3cee0c77/tree/NEWS>
)
- grep (3.8 <http://savannah.gnu.org/forum/forum.php?forum_id=10227>
(includes 3.11
<https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00004.html>))
- grub (2.06
<https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00022.html>)
- gzip (1.13 <https://savannah.gnu.org/news/?id=10501>)
- hwdata (0.373 <https://github.com/vcrhonek/hwdata/commits/v0.373>
(includes 0.372 <https://github.com/vcrhonek/hwdata/commits/v0.372>,
0.371 <https://github.com/vcrhonek/hwdata/commits/v0.371>, 0.367
<https://github.com/vcrhonek/hwdata/releases/tag/v0.367>))
- inih (57 <https://github.com/benhoyt/inih/releases/tag/r57> (includes
56 <https://github.com/benhoyt/inih/releases/tag/r56>))
- intel-microcode (20230808
<https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808>
(includes 20230613
<https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230613>
, 20230512
<https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512>
))
- iperf (3.14
<https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-314-2023-07-07>
)
- iproute2 (6.4.0
<https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v6.4.0>
(includes 6.3.0 <https://lwn.net/Articles/930473/>, 6.2
<https://lwn.net/Articles/923952/>))
- ipset (7.17
<https://git.netfilter.org/ipset/tree/ChangeLog?id=186f9b57c60bb53aae5f6633eff1e9d5e9095c3e>
)
- kbd (2.6.1 <https://github.com/legionus/kbd/releases/tag/v2.6.1>
(includes 2.6.0 <https://github.com/legionus/kbd/releases/tag/v2.6.0>,
2.5.1 <https://github.com/legionus/kbd/releases/tag/v2.5.1>))
- kexec-tools (2.0.24
<https://github.com/horms/kexec-tools/releases/tag/v2.0.24>)
- kmod (30 <https://lwn.net/Articles/899526/>)
- ldb (2.4.4
<https://gitlab.com/samba-team/samba/-/commit/b686ef00da46d4a0c0aba0c61b1866cbc9b462b6>
(includes 2.4.3
<https://gitlab.com/samba-team/samba/-/commit/604f94704f30e90ef960aa2be62a14d2e614a002>
, 2.4.2
<https://gitlab.com/samba-team/samba/-/commit/d93892d2e8ed69758c15ab18bc03bba09e715bc6>
))
- less (633 <http://www.greenwoodsoftware.com/less/news.633.html>
(includes 632 <http://www.greenwoodsoftware.com/less/news.632.html>))
- libarchive (3.7.1
<https://github.com/libarchive/libarchive/releases/tag/v3.7.1> (includes
3.7.0 <https://github.com/libarchive/libarchive/releases/tag/v3.7.0>))
- libassuan (2.5.6
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libassuan.git;a=blob;f=NEWS;h=e52bb5dd36ac93ea227e53e89f82af9ccf38f339;hb=6b50ee6bcdd6aa81bd7cc3fb2379864c3ed479b8>
)
- libbsd (0.11.7
<https://lists.freedesktop.org/archives/libbsd/2022-October/000337.html>)
- libcap (2.69
<https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe>
)
- libgcrypt (1.10.2
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=c9a239615f8070427a96688b1be40a81e59e9b8a;hb=1c5cbacf3d88dded5063e959ee68678ff7d0fa56>
(includes 1.10.1
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS;h=03132c2a115e35783a782c64777cf5f5b1a2825f;hb=ae0e567820c37f9640440b3cff77d7c185aa6742>
))
- libgpg-error (1.47 <https://dev.gnupg.org/T6231> (includes 1.46
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=NEWS;h=14b0ba97d6ba2b10b3178f2e4a3e24bfc2355bb3;hb=ea031873aa9642831017937fd33e9009d514ee07>
))
- libksba (1.6.4
<https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=blob;f=NEWS;h=f640523209c1c9ce9855040e53914a79d24d6a67;hb=557999424ebd13e70d6fc17e648a5dd2a06f440b>
)
- libmd (1.1.0 <https://git.hadrons.org/cgit/libmd.git/log/?h=1.1.0>)
- libmicrohttpd (0.9.77
<https://gitlab.com/libmicrohttpd/libmicrohttpd/-/releases/v0.9.77>
(includes 0.9.76
<https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html>
))
- libnftnl (1.2.6
<https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.6> (includes
1.2.5 <https://git.netfilter.org/libnftnl/log/?h=libnftnl-1.2.5>))
- libnl (3.8.0
<https://github.com/thom311/libnl/compare/libnl3_7_0...libnl3_8_0>)
- libnvme (1.5 <https://github.com/linux-nvme/libnvme/releases/tag/v1.5>)
- libpcap (1.10.4
<https://github.com/the-tcpdump-group/libpcap/blob/24832dd2728bd95ed9b9464ef27b47a943c38003/CHANGES#L51>
)
- libpcre (8.45 <https://www.pcre.org/original/changelog.txt>)
- libpipeline (1.5.7
<https://gitlab.com/libpipeline/libpipeline/-/tags/1.5.7>)
- libselinux (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- libsemanage (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- libsepol (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- libtirpc (1.3.4 <https://marc.info/?l=linux-nfs&m=169667640909830&w=2>)
- libusb (1.0.26
<https://github.com/libusb/libusb/blob/v1.0.26/ChangeLog>)
- libuv (1.46.0 <https://github.com/libuv/libuv/releases/tag/v1.46.0>
(includes 1.45.0 <https://github.com/libuv/libuv/releases/tag/v1.45.0>))
- libxml2 (2.11.5
<https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5> (includes
2.11.4 <https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4>))
- lsof (4.98.0
<https://github.com/lsof-org/lsof/blob/4.98.0/00DIST#L5471>)
- lua (5.4.6 <https://www.lua.org/manual/5.4/readme.html#changes>
(includes 5.4.4 <https://www.lua.org/manual/5.4/readme.html#changes>))
- mit-krb5 (1.21.2 <http://web.mit.edu/kerberos/krb5-1.21/>)
- multipath-tools (0.9.5
<https://github.com/opensvc/multipath-tools/commits/0.9.5>)
- ncurses (6.4
<https://invisible-island.net/ncurses/announce.html#h2-release-notes>)
- nettle (3.9.1
<https://git.lysator.liu.se/nettle/nettle/-/blob/nettle_3.9.1_release_20230601/ChangeLog>
)
- nmap (7.94 <https://nmap.org/changelog.html#7.94>)
- nvidia-drivers (535.104.05
<https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-104-05/index.html>
)
- nvme-cli (2.5
<https://github.com/linux-nvme/nvme-cli/releases/tag/v2.5> (includes 2.3
<https://github.com/linux-nvme/nvme-cli/releases/tag/v2.3>))
- open-isns (0.102
<https://github.com/open-iscsi/open-isns/blob/v0.102/ChangeLog>)
- openldap (2.6.4
<https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_4/CHANGES>
(includes 2.6.3
<https://lists.openldap.org/hyperkitty/list/openldap...@openldap.org/thread/FQJM2JSSSOMLQH7XC7Q5IZJYOGCTV2LK/>
, 2.6
<https://lists.openldap.org/hyperkitty/list/openldap...@openldap.org/thread/IHS5V46H6NFNFUERMC6AWMPHTWRVNLFA/>
, 2.5.14
<https://lists.openldap.org/hyperkitty/list/openldap...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/>
, 2.5
<https://lists.openldap.org/hyperkitty/list/openldap...@openldap.org/thread/BH3VDPG6IYYF5L5U6LZGHHKMJY5HFA3L/>
))
- openssh (9.5p1 <https://www.openssh.com/releasenotes.html#9.5p1>
(includes 9.4p1 <https://www.openssh.com/releasenotes.html#9.4p1>))
- parted (3.6
<https://git.savannah.gnu.org/gitweb/?p=parted.git;a=blob;f=NEWS;h=52bb11697039f70e55120c571750f9ee761a75aa;hb=3b5f327b213d21e9adb9ba933c78dd898fee5b1d>
)
- pax-utils (1.3.7
<https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.7>)
- pciutils (3.9.0
<https://github.com/pciutils/pciutils/releases/tag/v3.9.0> (includes
3.10.0 <https://github.com/pciutils/pciutils/blob/v3.10.0/ChangeLog>))
- pigz (2.8
<https://zlib.net/pipermail/pigz-announce_zlib.net/2023-August/000018.html>
)
- policycoreutils (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- popt (1.19
<https://github.com/rpm-software-management/popt/releases/tag/popt-1.19-release>
)
- procps (4.0.4 <https://gitlab.com/procps-ng/procps/-/releases/v4.0.4>
(includes 4.0.3 <https://gitlab.com/procps-ng/procps/-/releases/v4.0.3>
, 4.0.0 <https://gitlab.com/procps-ng/procps/-/releases/v4.0.0>))
- protobuf (21.9
<https://github.com/protocolbuffers/protobuf/releases/tag/v21.9>)
- psmisc (23.6 <https://gitlab.com/psmisc/psmisc/-/blob/v23.6/ChangeLog>)
- quota (4.09
<https://sourceforge.net/p/linuxquota/code/ci/87d2fd7635e4bca54fa2a00b8d5b073ba9ca521b/tree/Changelog>
)
- rpcsvc-proto (1.4.4
<https://github.com/thkukuk/rpcsvc-proto/releases/tag/v1.4.4>)
- runc (1.1.9
<https://github.com/opencontainers/runc/releases/tag/v1.1.9> (includes
1.1.8 <https://github.com/opencontainers/runc/releases/tag/v1.1.8>))
- samba (4.18.4
<https://wiki.samba.org/index.php/Samba_4.18_Features_added/changed#Samba_4.18.4>
)
- sed (4.9
<https://lists.gnu.org/archive/html/info-gnu/2022-11/msg00001.html>)
- selinux-base (2.20221101
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101>
)
- selinux-base-policy (2.20221101
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101>
)
- selinux-container (2.20221101
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101>
)
- selinux-sssd (2.20221101
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101>
)
- selinux-unconfined (2.20221101
<https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20221101>
)
- semodule-utils (3.5
<https://github.com/SELinuxProject/selinux/releases/tag/3.5>)
- smartmontools (7.3
<https://github.com/smartmontools/smartmontools/releases/tag/RELEASE_7_3>
)
- sqlite (3.42.0 <https://sqlite.org/releaselog/3_42_0.html>)
- strace (6.4 <https://github.com/strace/strace/releases/tag/v6.4>
(includes 6.3 <https://github.com/strace/strace/releases/tag/v6.3>, 6.2
<https://github.com/strace/strace/releases/tag/v6.2>))
- sudo (1.9.13p3 <https://www.sudo.ws/releases/stable/#1.9.13p3>)
- talloc (2.4.0
<https://gitlab.com/samba-team/samba/-/commit/5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1>
(includes 2.3.4
<https://gitlab.com/samba-team/samba/-/commit/0189ccf9fc3d2a77cc83cffe180e307bcdccebb4>
))
- tar (1.35
<https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html>)
- tdb (1.4.8
<https://gitlab.com/samba-team/samba/-/commit/eab796a4f9172e602dc262f3c99ead35b35929e7>
(includes 1.4.7
<https://gitlab.com/samba-team/samba/-/commit/27ceb1c3ad786386e746a5e2968780d791393b9e>
, 1.4.6
<https://gitlab.com/samba-team/samba/-/commit/1c776e54cf33b46b2ed73263f093d596a0cdbb2f>
))
- tevent (0.14.1
<https://gitlab.com/samba-team/samba/-/commit/d80f28b081e515e32a480daf80b42cf782447a9c>
(includes 0.14.0
<https://gitlab.com/samba-team/samba/-/commit/3c6d28ebae27dba8e40558ae37ae8138ea0b4bdc>
, 0.13.0
<https://gitlab.com/samba-team/samba/-/commit/63d4db63feda920c8020f8484a8b31065b7f1380>
, 0.12.1
<https://gitlab.com/samba-team/samba/-/commit/53692735c733d01acbd953641f831a1f5e0cf6c5>
, 0.12.0 <https://gitlab.com/samba-team/samba/-/tags/tevent-0.12.0>))
- usbutils (015
<https://github.com/gregkh/usbutils/blob/79b796f945ea7d5c2b0e2a74f9b8819cb7948680/NEWS>
)
- userspace-rcu (0.14.0
<https://github.com/urcu/userspace-rcu/blob/v0.13.2/ChangeLog>)
- util-linux (2.38.1
<https://github.com/util-linux/util-linux/releases/tag/v2.38.1>)
- vim (9.0.1678 <https://github.com/vim/vim/commits/v9.0.1678> (includes
9.0.1677 <https://github.com/vim/vim/commits/v9.0.1677>, 9.0.1503
<https://github.com/vim/vim/commits/v9.0.1503>))
- wget (1.21.4
<https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00003.html>)
- whois (5.5.18
<https://github.com/rfc1036/whois/blob/v5.5.18/debian/changelog>
(includes 5.5.17
<https://github.com/rfc1036/whois/commit/bac7108b01cfd54c517444efa1239e10e6edd5a4>
))
- xfsprogs (6.4.0
<https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.4.0>
(includes 6.3.0
<https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/tree/doc/CHANGES?h=v6.3.0>
))
- zstd (1.5.5 <https://github.com/facebook/zstd/releases/tag/v1.5.5>)


Changes since Beta 3760.1.1
<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Security-fixes>Security fixes:
- Linux (CVE-2023-1193
<https://nvd.nist.gov/vuln/detail/CVE-2023-1193>, CVE-2023-51779
<https://nvd.nist.gov/vuln/detail/CVE-2023-51779>, CVE-2023-51780
<https://nvd.nist.gov/vuln/detail/CVE-2023-51780>, CVE-2023-51781
<https://nvd.nist.gov/vuln/detail/CVE-2023-51781>, CVE-2023-51782
<https://nvd.nist.gov/vuln/detail/CVE-2023-51782>, CVE-2023-6531
<https://nvd.nist.gov/vuln/detail/CVE-2023-6531>, CVE-2023-6606
<https://nvd.nist.gov/vuln/detail/CVE-2023-6606>, CVE-2023-6622
<https://nvd.nist.gov/vuln/detail/CVE-2023-6622>, CVE-2023-6817
<https://nvd.nist.gov/vuln/detail/CVE-2023-6817>, CVE-2023-6931
<https://nvd.nist.gov/vuln/detail/CVE-2023-6931>)
<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Bug-fixes>Bug fixes:
- AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307
<https://github.com/flatcar/Flatcar/issues/1307>)
- Fixed a bug resulting in coreos-cloudinit resetting the instance
hostname to ‘localhost’ if no metadata could be found (
coreos-cloudinit#25
<https://github.com/flatcar/coreos-cloudinit/pull/25>, Flatcar#1262
<https://github.com/flatcar/Flatcar/issues/1262>), with contributions
from MichaelEischer <https://github.com/MichaelEischer>
- Fixed supplying extension update payloads with a custom base URL in
Nebraska (Flatcar#1281
<https://github.com/flatcar/Flatcar/issues/1281>)
<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Updates>Updates
- Linux (6.1.73 <https://lwn.net/Articles/958343> (includes 6.1.72
<https://lwn.net/Articles/957376>, 6.1.71
<https://lwn.net/Articles/957009>, 6.1.70
<https://lwn.net/Articles/956526>, 6.1.69
<https://lwn.net/Articles/955814>, 6.1.68
<https://lwn.net/Articles/954989>, 6.1.67
<https://lwn.net/Articles/954455>))
- ca-certificates (3.96.1
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html>
(includes 3.96
<https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96.html>
))
<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Detailed-Security-Report>Detailed
Security Report

Security fix: With the Alpha 3850.0.0, Beta 3815.1.0, Stable 3760.2.0
releases we ship fixes for the CVEs listed below.
<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Alpha-385000>Alpha 3850.0.0

Linux

CVE-2022-27672 <https://nvd.nist.gov/vuln/detail/CVE-2022-27672> CVSSv3
score: 4.7(Medium)
When SMT is enabled, certain AMD processors may speculatively
execute instructions using a target
from the sibling thread after an SMT mode switch potentially
resulting in information disclosure.

CVE-2022-40982 <https://nvd.nist.gov/vuln/detail/CVE-2022-40982> CVSSv3
score: n/a
Information exposure through microarchitectural state after
transient execution in certain vector execution units for some Intel®
Processors may allow an authenticated user to potentially enable
information disclosure via local access.

CVE-2022-4269 <https://nvd.nist.gov/vuln/detail/CVE-2022-4269> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel Traffic Control (TC)
subsystem. Using a specific networking configuration (redirecting egress
packets to ingress using TC action "mirred") a local unprivileged user
could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol
in use (TCP or SCTP) does a retransmission, resulting in a denial of
service condition.

CVE-2022-45886 <https://nvd.nist.gov/vuln/detail/CVE-2022-45886> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel through 6.0.9.
drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open
race condition that leads to a use-after-free.

CVE-2022-45887 <https://nvd.nist.gov/vuln/detail/CVE-2022-45887> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel through 6.0.9.
drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the
lack of a dvb_frontend_detach call.

CVE-2022-45919 <https://nvd.nist.gov/vuln/detail/CVE-2022-45919> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel through 6.0.10. In
drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if
there is a disconnect after an open, because of the lack of a wait_event.

CVE-2022-48425 <https://nvd.nist.gov/vuln/detail/CVE-2022-48425> CVSSv3
score: 7.8(High)
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid
kfree because it does not validate MFT flags before replaying logs.

CVE-2023-0160 <https://nvd.nist.gov/vuln/detail/CVE-2023-0160> CVSSv3
score: 5.5(Medium)
A deadlock flaw was found in the Linux kernel’s BPF subsystem.
This flaw allows a local user to potentially crash the system.

CVE-2023-0459 <https://nvd.nist.gov/vuln/detail/CVE-2023-0459> CVSSv3
score: 5.5(Medium)
copy_from_user on 64-bit versions of the Linux kernel does not
implement __uaccess_begin_nospec, allowing a user to bypass the
"access_ok" check and pass a kernel pointer to copy_from_user(). This would
allow an attacker to leak information. We recommend upgrading beyond
commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

CVE-2023-1032 <https://nvd.nist.gov/vuln/detail/CVE-2023-1032> CVSSv3
score: 5.5(Medium)
The Linux kernel io_uring IORING_OP_SOCKET operation contained a
double free in function __sys_socket_file() in file net/socket.c. This
issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed
in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVE-2023-1076 <https://nvd.nist.gov/vuln/detail/CVE-2023-1076> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux Kernel. The tun/tap sockets have
their socket UID hardcoded to 0 due to a type confusion in their
initialization function. While this will often be correct, as tuntap devices
require CAP_NET_ADMIN, it may not always be the case, e.g., for a non-root
user holding only that capability. This causes tun/tap sockets to be
incorrectly treated in filtering/routing decisions, possibly bypassing
network filters.

CVE-2023-1077 <https://nvd.nist.gov/vuln/detail/CVE-2023-1077> CVSSv3
score: 7(High)
In the Linux kernel, pick_next_rt_entity() may return a type
confused entry, not detected by the BUG_ON condition, as the confused entry
will not be NULL, but list_head. The buggy error condition would lead to a
type confused entry with the list head, which would then be used as a type
confused sched_rt_entity, causing memory corruption.

CVE-2023-1079 <https://nvd.nist.gov/vuln/detail/CVE-2023-1079> CVSSv3
score: 6.8(Medium)
A flaw was found in the Linux kernel. A use-after-free may be
triggered in asus_kbd_backlight_set when plugging in or disconnecting a
malicious USB device which advertises itself as an Asus device. Similarly
to the previously known CVE-2023-25012, but in Asus devices, the work_struct
may be scheduled by the LED controller while the device is disconnecting,
triggering a use-after-free on the struct asus_kbd_leds *led structure. A
malicious USB device may exploit the issue to cause memory corruption with
controlled data.

CVE-2023-1118 <https://nvd.nist.gov/vuln/detail/CVE-2023-1118> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel's integrated infrared
receiver/transceiver driver in the way a user detaches an rc device.
A local user could use this flaw to crash the system or potentially
escalate their privileges on the system.

CVE-2023-1192 <https://nvd.nist.gov/vuln/detail/CVE-2023-1192> CVSSv3
score: n/a
A use-after-free flaw was found in smb2_is_status_io_timeout() in
CIFS in the Linux Kernel. After CIFS transfers response data to a system
call, a local variable still points to the memory region, and if
the system call frees it faster than CIFS uses it, CIFS will access a freed
memory region, leading to a denial of service.

CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193> CVSSv3
score: n/a
A use-after-free flaw was found in setup_async_work in the KSMBD
implementation of the in-kernel samba server and CIFS in the Linux kernel.
This issue could allow an attacker to crash the system by accessing freed
work.

CVE-2023-1194 <https://nvd.nist.gov/vuln/detail/CVE-2023-1194> CVSSv3
score: 8.1(High)
An out-of-bounds (OOB) memory read flaw was found in
parse_lease_state in the KSMBD implementation of the in-kernel samba server
and CIFS in the Linux kernel. When an attacker sends the CREATE command
with a malformed payload to KSMBD, due to a missing check of
NameOffset in the parse_lease_state() function, the create_context object
can access invalid memory.

CVE-2023-1206 <https://nvd.nist.gov/vuln/detail/CVE-2023-1206> CVSSv3
score: 5.7(Medium)
A hash collision flaw was found in the IPv6 connection lookup
table in the Linux kernel’s IPv6 functionality when a user makes a new kind
of SYN flood attack. A user located in the local network or with a high
bandwidth connection can increase the CPU usage of the server that accepts
IPv6 connections up to 95%.

CVE-2023-1281 <https://nvd.nist.gov/vuln/detail/CVE-2023-1281> CVSSv3
score: n/a
Use After Free vulnerability in Linux kernel traffic control index
filter (tcindex) allows Privilege Escalation. The imperfect hash area can
be updated while packets are traversing, which will cause a use-after-free
when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local
attacker user can use this vulnerability to elevate its privileges to root.
This issue affects Linux Kernel: from 4.14 before git commit
ee059170b1f7e94e55fa6cadee544e176a6e59c2.

CVE-2023-1380 <https://nvd.nist.gov/vuln/detail/CVE-2023-1380> CVSSv3
score: 7.1(High)
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies
in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
Kernel. This issue could occur when assoc_info->req_len data is bigger than
the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of
service.

CVE-2023-1513 <https://nvd.nist.gov/vuln/detail/CVE-2023-1513> CVSSv3
score: 3.3(Low)
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl,
on 32-bit systems, there might be some uninitialized portions of the
kvm_debugregs structure that could be copied to userspace, causing an
information leak.

CVE-2023-1583 <https://nvd.nist.gov/vuln/detail/CVE-2023-1583> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference was found in io_file_bitmap_get in
io_uring/filetable.c in the io_uring sub-component in the Linux Kernel.
When fixed files are unregistered, some context information
(file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent
request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC
can cause a NULL pointer dereference. An unprivileged user can use the flaw
to cause a system crash.

CVE-2023-1611 <https://nvd.nist.gov/vuln/detail/CVE-2023-1611> CVSSv3
score: 6.3(Medium)
A use-after-free flaw was found in btrfs_search_slot in
fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker
to crash the system and possibly cause a kernel information leak.

CVE-2023-1670 <https://nvd.nist.gov/vuln/detail/CVE-2023-1670> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA
(PC-card) Ethernet driver. A local user could use this flaw to
crash the system or potentially escalate their privileges on the system.

CVE-2023-1829 <https://nvd.nist.gov/vuln/detail/CVE-2023-1829> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux Kernel traffic control
index filter (tcindex) can be exploited to achieve local privilege
escalation. The tcindex_delete function does not properly deactivate
filters in the case of perfect hashes while deleting the underlying structure,
which can later lead to double-freeing the structure. A local attacker user
can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit
8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

CVE-2023-1855 <https://nvd.nist.gov/vuln/detail/CVE-2023-1855> CVSSv3
score: 6.3(Medium)
A use-after-free flaw was found in xgene_hwmon_remove in
drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver
(xgene-hwmon). This flaw could allow a local attacker to crash the system
due to a race problem. This vulnerability could even lead to a kernel
information leak problem.

CVE-2023-1859 <https://nvd.nist.gov/vuln/detail/CVE-2023-1859> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in xen_9pfs_front_remove in
net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw
could allow a local attacker to crash the system due to a race problem,
possibly leading to a kernel information leak.

CVE-2023-1989 <https://nvd.nist.gov/vuln/detail/CVE-2023-1989> CVSSv3
score: 7(High)
A use-after-free flaw was found in btsdio_remove in
drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to
btsdio_remove with an unfinished job may cause a race problem leading to a
UAF on hdev devices.

CVE-2023-1990 <https://nvd.nist.gov/vuln/detail/CVE-2023-1990> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in ndlc_remove in
drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an
attacker to crash the system due to a race problem.

CVE-2023-1998 <https://nvd.nist.gov/vuln/detail/CVE-2023-1998> CVSSv3
score: n/a
The Linux kernel allows userspace processes to enable mitigations
by calling prctl with PR_SET_SPECULATION_CTRL which disables the
speculation feature as well as by using seccomp. We had noticed that on VMs
of at least one major cloud provider, the kernel still left the victim
process exposed to attacks in some cases even after enabling the
spectre-BTI mitigation with prctl. The same behavior can be observed on a
bare-metal machine when forcing the mitigation to IBRS on boot command line.
This happened because when plain IBRS was enabled (not enhanced
IBRS), the kernel had some logic that determined that STIBP was not needed.
The IBRS bit implicitly protects against cross-thread branch target
injection. However, with legacy IBRS, the IBRS bit was cleared on returning
to userspace, due to performance reasons, which disabled the implicit STIBP
and left userspace threads vulnerable to cross-thread branch target
injection against which STIBP protects.
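
The CVE-2023-1998 entry above describes the per-thread interface involved: a
process opts into the indirect-branch (STIBP) mitigation with
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...) and reads the
current state back with PR_GET_SPECULATION_CTRL. The following is an added
example written for this page, not Flatcar or kernel code: it queries the
state, decodes the bitmask the kernel returns, and force-disables
indirect-branch speculation for the calling thread. The constant values mirror
include/uapi/linux/prctl.h and are defined under #ifndef only so the file builds
against older headers; the labels returned by decode_spec_ctrl are this
example's own. On a kernel affected by CVE-2023-1998 the set call succeeds yet,
with legacy IBRS, does not actually protect the thread, so a "disabled" answer
from the query cannot substitute for running the fixed kernel.

```c
/* Added example (not Flatcar or kernel code): inspect and tighten the
 * per-thread indirect-branch speculation control that CVE-2023-1998 concerns. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Values mirror include/uapi/linux/prctl.h; defined only if the header lacks them. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

/* Translate the bitmask returned by PR_GET_SPECULATION_CTRL into a label
 * (labels are this example's own). PR_SPEC_PRCTL set means the state is
 * per-thread controllable; without it the ENABLE/DISABLE bit describes a
 * system-wide mode selected by the spectre_v2_user= boot parameter. */
const char *decode_spec_ctrl(long v)
{
    if (v < 0)
        return "query failed";
    if (v == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    int per_thread = (v & PR_SPEC_PRCTL) != 0;
    if (v & PR_SPEC_FORCE_DISABLE)
        return "force-disabled for this thread";
    if (v & PR_SPEC_DISABLE_NOEXEC)
        return "disabled until execve";
    if (v & PR_SPEC_DISABLE)
        return per_thread ? "disabled for this thread (prctl)" : "disabled system-wide (strict)";
    if (v & PR_SPEC_ENABLE)
        return per_thread ? "enabled, controllable via prctl" : "enabled, no per-thread control";
    return "unknown";
}

/* Current indirect-branch speculation state of the calling thread, or -errno. */
long query_indirect_branch_ctrl(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Disable indirect-branch speculation for this thread (the kernel then applies
 * STIBP, and IBPB on context switch) and make the choice irreversible.
 * Returns 0 or -errno: ENXIO means the running spectre_v2_user mode offers no
 * per-thread control; EPERM means the state was already force-disabled. */
int force_disable_indirect_branch_spec(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_FORCE_DISABLE, 0, 0) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    long before = query_indirect_branch_ctrl();
    printf("before: 0x%lx (%s)\n", before < 0 ? 0L : before, decode_spec_ctrl(before));
    int rc = force_disable_indirect_branch_spec();
    if (rc != 0)
        printf("set failed: %s\n", strerror(-rc));
    long after = query_indirect_branch_ctrl();
    printf("after:  0x%lx (%s)\n", after < 0 ? 0L : after, decode_spec_ctrl(after));
    return 0;
}
```

The force-disable variant is used deliberately: a sandboxed worker that later
loads untrusted code should not be able to re-enable speculation for itself,
which PR_SPEC_DISABLE alone would permit.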

CVE-2023-2002 <https://nvd.nist.gov/vuln/detail/CVE-2023-2002> CVSSv3
score: 6.8(Medium)
A vulnerability was found in the HCI sockets implementation due to
a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel.
This flaw allows an attacker unauthorized execution of management
commands, compromising the confidentiality, integrity, and availability of
Bluetooth communication.

CVE-2023-20569 <https://nvd.nist.gov/vuln/detail/CVE-2023-20569> CVSSv3
score: 4.7(Medium)
A side channel vulnerability on some of the AMD CPUs may allow an
attacker to influence the return address prediction. This may result in
speculative execution at an attacker-controlled address, potentially
leading to information disclosure.

CVE-2023-20588 <https://nvd.nist.gov/vuln/detail/CVE-2023-20588> CVSSv3
score: 5.5(Medium)
A division-by-zero error on some AMD processors can potentially
return speculative data resulting in loss of confidentiality.

CVE-2023-20593 <https://nvd.nist.gov/vuln/detail/CVE-2023-20593> CVSSv3
score: 5.5(Medium)
An issue in “Zen 2” CPUs, under specific microarchitectural
circumstances, may allow an attacker to potentially access sensitive
information.
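
CVE-2022-27672, CVE-2022-40982, CVE-2023-20569, CVE-2023-20588 and
CVE-2023-20593 above are hardware side channels whose kernel-side mitigations
often also depend on updated microcode, so the state of an upgraded node is
worth verifying rather than assumed. The kernel reports its view per issue as
one line under /sys/devices/system/cpu/vulnerabilities/ (for example
gather_data_sampling for CVE-2022-40982 and spec_rstack_overflow for
CVE-2023-20569; not every CVE in this list has its own file). The following is
an added example written for this page, not Flatcar or kernel tooling: it
enumerates that directory, classifies each status line by the prefixes the
kernel uses, flags a spectre_v2 line that reports STIBP disabled (the
cross-thread exposure CVE-2023-1998 describes), and returns the worst state
found. The directory path and status prefixes are the upstream kernel's; the
enum names and the classification rules are this example's own, and the test
inputs are constructed.

```c
/* Added example (not Flatcar or kernel tooling): summarise the kernel's
 * CPU vulnerability reports from sysfs. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Ordered so that a larger value is a worse state. */
enum vuln_state { VS_NOT_AFFECTED = 0, VS_MITIGATED = 1, VS_UNKNOWN = 2, VS_VULNERABLE = 3 };

static const char *VULN_DIR = "/sys/devices/system/cpu/vulnerabilities";

/* Classify one status line as the kernel writes it, e.g. "Not affected",
 * "Mitigation: Microcode", "Vulnerable: No microcode",
 * "Unknown: Dependent on hypervisor status", "KVM: Mitigation: VMX disabled". */
enum vuln_state classify_status(const char *s)
{
    if (strncmp(s, "Not affected", 12) == 0)
        return VS_NOT_AFFECTED;
    if (strncmp(s, "Vulnerable", 10) == 0)  /* checked before "Mitigation:" on purpose */
        return VS_VULNERABLE;
    if (strstr(s, "Mitigation:") != NULL)   /* also matches the "KVM: Mitigation:" form */
        return VS_MITIGATED;
    return VS_UNKNOWN;
}

/* The spectre_v2 line ends with the user-space STIBP state; "STIBP: disabled"
 * means sibling threads are not protected against each other's branch
 * target injection, which is the exposure CVE-2023-1998 is about. */
int stibp_reported_disabled(const char *spectre_v2_line)
{
    return strstr(spectre_v2_line, "STIBP: disabled") != NULL;
}

/* Read one status file into buf without its trailing newline; 0 on success. */
static int read_status(const char *name, char *buf, size_t len)
{
    char path[512];
    snprintf(path, sizeof path, "%s/%s", VULN_DIR, name);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)len, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Print every report and return the worst state seen. VS_UNKNOWN is returned
 * when the directory is missing (non-Linux host, or a kernel too old to
 * report anything), which is deliberately not treated as "fine". */
enum vuln_state scan_vulnerabilities(void)
{
    DIR *d = opendir(VULN_DIR);
    if (!d)
        return VS_UNKNOWN;
    enum vuln_state worst = VS_NOT_AFFECTED;
    struct dirent *e;
    char line[256];
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.')
            continue;
        if (read_status(e->d_name, line, sizeof line) != 0)
            continue;
        enum vuln_state st = classify_status(line);
        if (st > worst)
            worst = st;
        int stibp_off = strcmp(e->d_name, "spectre_v2") == 0 && stibp_reported_disabled(line);
        printf("%-28s %s%s\n", e->d_name, line,
               stibp_off ? "   [STIBP off: cross-thread BTI exposure]" : "");
    }
    closedir(d);
    return worst;
}

int main(void)
{
    enum vuln_state worst = scan_vulnerabilities();
    printf("worst state: %d\n", (int)worst);
    return worst == VS_VULNERABLE ? 1 : 0;
}
```

A non-zero exit for VS_VULNERABLE makes the program usable as a post-update
node check; "Vulnerable: No microcode" after a kernel update is the common
case where the kernel fix is present but the platform firmware is not.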

CVE-2023-2124 <https://nvd.nist.gov/vuln/detail/CVE-2023-2124> CVSSv3
score: 7.8(High)
An out-of-bounds memory access flaw was found in the Linux
kernel’s XFS file system in how a user restores an XFS image after failure
(with a dirty log journal). This flaw allows a local user to crash or
potentially escalate their privileges on the system.

CVE-2023-21255 <https://nvd.nist.gov/vuln/detail/CVE-2023-21255> CVSSv3
score: 7.8(High)
In multiple functions of binder.c, there is a possible memory
corruption due to a use after free. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is not needed for exploitation.

CVE-2023-21264 <https://nvd.nist.gov/vuln/detail/CVE-2023-21264> CVSSv3
score: 6.7(Medium)
In multiple functions of mem_protect.c, there is a possible way to
access hypervisor memory due to a memory access check in the wrong place.
This could lead to local escalation of privilege with System execution
privileges needed. User interaction is not needed for exploitation.

CVE-2023-2156 <https://nvd.nist.gov/vuln/detail/CVE-2023-2156> CVSSv3
score: 7.5(High)
A flaw was found in the networking subsystem of the Linux kernel
within the handling of the RPL protocol. This issue results from the lack
of proper handling of user-supplied data, which can lead to an assertion
failure. This may allow an unauthenticated remote attacker to create a
denial of service condition on the system.

CVE-2023-2163 <https://nvd.nist.gov/vuln/detail/CVE-2023-2163> CVSSv3
score: 8.8(High)
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape.

CVE-2023-2194 <https://nvd.nist.gov/vuln/detail/CVE-2023-2194> CVSSv3
score: 6.7(Medium)
An out-of-bounds write vulnerability was found in the Linux
kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable
was not capped to a number between 0-255 and was used as the size of a
memcpy, possibly writing beyond the end of dma_buffer. This flaw could
allow a local privileged user to crash the system or potentially achieve
code execution.

CVE-2023-2235 <https://nvd.nist.gov/vuln/detail/CVE-2023-2235> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux Kernel Performance
Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings'
attach_state before calling add_event_to_groups(), but remove_on_exec made
it possible to call list_del_event() on events before detaching them from
their group, making it possible to use a dangling pointer, causing a
use-after-free vulnerability.
We recommend upgrading past commit
fd0815f632c24878e325821943edccc7fde947a2.

CVE-2023-2269 <https://nvd.nist.gov/vuln/detail/CVE-2023-2269> CVSSv3
score: 4.4(Medium)
A denial of service problem was found, due to a possible recursive
locking scenario, resulting in a deadlock in table_clear in
drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing
sub-component.

CVE-2023-25012 <https://nvd.nist.gov/vuln/detail/CVE-2023-25012> CVSSv3
score: 4.6(Medium)
The Linux kernel through 6.1.9 has a Use-After-Free in
bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device
because the LED controllers remain registered for too long.

CVE-2023-25775 <https://nvd.nist.gov/vuln/detail/CVE-2023-25775> CVSSv3
score: 9.8(Critical)
Improper access control in the Intel® Ethernet Controller RDMA
driver for linux before version 1.9.30 may allow an unauthenticated user to
potentially enable escalation of privilege via network access.

CVE-2023-2598 <https://nvd.nist.gov/vuln/detail/CVE-2023-2598> CVSSv3
score: 7.8(High)
A flaw was found in the fixed buffer registration code for
io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel
that allows out-of-bounds access to physical memory beyond the end of the
buffer. This flaw enables full local privilege escalation.

CVE-2023-26545 <https://nvd.nist.gov/vuln/detail/CVE-2023-26545> CVSSv3
score: 4.7(Medium)
In the Linux kernel before 6.1.13, there is a double free in
net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl
table under a new location) during the renaming of a device.

CVE-2023-28466 <https://nvd.nist.gov/vuln/detail/CVE-2023-28466> CVSSv3
score: 7(High)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel
through 6.2.6 lacks a lock_sock call, leading to a race condition (with a
resultant use-after-free or NULL pointer dereference).

CVE-2023-28866 <https://nvd.nist.gov/vuln/detail/CVE-2023-28866> CVSSv3
score: 5.3(Medium)
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows
out-of-bounds access because amp_init1[] and amp_init2[] are supposed to
have an intentionally invalid element, but do not.

CVE-2023-2898 <https://nvd.nist.gov/vuln/detail/CVE-2023-2898> CVSSv3
score: 4.7(Medium)
There is a null-pointer-dereference flaw found in
f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a
local privileged user to cause a denial of service problem.

CVE-2023-2985 <https://nvd.nist.gov/vuln/detail/CVE-2023-2985> CVSSv3
score: 5.5(Medium)
A use after free flaw was found in hfsplus_put_super in
fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user
to cause a denial of service problem.

CVE-2023-30456 <https://nvd.nist.gov/vuln/detail/CVE-2023-30456> CVSSv3
score: 6.5(Medium)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux
kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and
CR4.

CVE-2023-30772 <https://nvd.nist.gov/vuln/detail/CVE-2023-30772> CVSSv3
score: 6.4(Medium)
The Linux kernel before 6.2.9 has a race condition and resultant
use-after-free in drivers/power/supply/da9150-charger.c if a physically
proximate attacker unplugs a device.

CVE-2023-3090 <https://nvd.nist.gov/vuln/detail/CVE-2023-3090> CVSSv3
score: n/a
A heap out-of-bounds write vulnerability in the Linux Kernel
ipvlan network driver can be exploited to achieve local privilege
escalation. The out-of-bounds write is caused by missing skb->cb
initialization in the ipvlan network driver. The vulnerability is reachable
if CONFIG_IPVLAN is enabled.
We recommend upgrading past commit
90cbed5247439a966b645b34eb0a2e037836ea8e.

CVE-2023-31085 <https://nvd.nist.gov/vuln/detail/CVE-2023-31085> CVSSv3
score: 5.5(Medium)
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux
kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize),
used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.

CVE-2023-31248 <https://nvd.nist.gov/vuln/detail/CVE-2023-31248> CVSSv3
score: n/a
Linux Kernel nftables use-after-free local privilege escalation
vulnerability: nft_chain_lookup_byid() failed to check whether a
chain was active. CAP_NET_ADMIN in any user or network namespace is
sufficient to reach the bug.

CVE-2023-3141 <https://nvd.nist.gov/vuln/detail/CVE-2023-3141> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in r592_remove in
drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw
allows a local attacker to crash the system at device disconnect, possibly
leading to a kernel information leak.

CVE-2023-31436 <https://nvd.nist.gov/vuln/detail/CVE-2023-31436> CVSSv3
score: 7.8(High)
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before
6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

CVE-2023-3212 <https://nvd.nist.gov/vuln/detail/CVE-2023-3212> CVSSv3
score: 4.4(Medium)
A NULL pointer dereference issue was found in the gfs2 file system
in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict
code tries to reference the journal descriptor structure after it has been
freed and set to NULL. A privileged local user could use this flaw to cause
a kernel panic.

CVE-2023-3220 <https://nvd.nist.gov/vuln/detail/CVE-2023-3220> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 6.1-rc8.
dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks a
check of the return value of kzalloc() and will cause a NULL pointer
dereference.

CVE-2023-32233 <https://nvd.nist.gov/vuln/detail/CVE-2023-32233> CVSSv3
score: 7.8(High)
In the Linux kernel through 6.3.1, a use-after-free in Netfilter
nf_tables when processing batch requests can be abused to perform arbitrary
read and write operations on kernel memory. Unprivileged local users can
obtain root privileges. This occurs because anonymous sets are mishandled.

CVE-2023-32247 <https://nvd.nist.gov/vuln/detail/CVE-2023-32247> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the handling of
SMB2_SESSION_SETUP commands. The issue results from the lack of control of
resource consumption. An attacker can leverage this vulnerability to create
a denial-of-service condition on the system.

CVE-2023-32248 <https://nvd.nist.gov/vuln/detail/CVE-2023-32248> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the handling of
SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the
lack of proper validation of a pointer prior to accessing it. An attacker
can leverage this vulnerability to create a denial-of-service condition on
the system.

CVE-2023-32250 <https://nvd.nist.gov/vuln/detail/CVE-2023-32250> CVSSv3
score: 8.1(High)
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the processing of
SMB2_SESSION_SETUP commands. The issue results from the lack of proper
locking when performing operations on an object. An attacker can leverage
this vulnerability to execute code in the context of the kernel.

CVE-2023-32252 <https://nvd.nist.gov/vuln/detail/CVE-2023-32252> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the handling of
SMB2_LOGOFF commands. The issue results from the lack of proper validation
of a pointer prior to accessing it. An attacker can leverage this
vulnerability to create a denial-of-service condition on the system.

CVE-2023-32254 <https://nvd.nist.gov/vuln/detail/CVE-2023-32254> CVSSv3
score: 8.1(High)
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the processing of
SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper
locking when performing operations on an object. An attacker can leverage
this vulnerability to execute code in the context of the kernel.

CVE-2023-32257 <https://nvd.nist.gov/vuln/detail/CVE-2023-32257> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the processing of
SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the
lack of proper locking when performing operations on an object. An attacker
can leverage this vulnerability to execute code in the context of the
kernel.

CVE-2023-32258 <https://nvd.nist.gov/vuln/detail/CVE-2023-32258> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a high-performance
in-kernel SMB server. The specific flaw exists within the processing of
SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of
proper locking when performing operations on an object. An attacker can
leverage this vulnerability to execute code in the context of the kernel.

CVE-2023-3268 <https://nvd.nist.gov/vuln/detail/CVE-2023-3268> CVSSv3
score: 7.1(High)
An out of bounds (OOB) memory access flaw was found in the Linux
kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This
flaw could allow a local attacker to crash the system or leak kernel
internal information.

CVE-2023-3269 <https://nvd.nist.gov/vuln/detail/CVE-2023-3269> CVSSv3
score: 7.8(High)
A vulnerability exists in the memory management subsystem of the
Linux kernel. The lock handling for accessing and updating virtual memory
areas (VMAs) is incorrect, leading to use-after-free problems. This issue
can be successfully exploited to execute arbitrary kernel code, escape
containers, and gain root privileges.

CVE-2023-3312 <https://nvd.nist.gov/vuln/detail/CVE-2023-3312> CVSSv3
score: 7.5(High)
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in the
cpufreq subsystem in the Linux Kernel. During device unbind, this flaw
leads to a double release, resulting in denial of service.

CVE-2023-3317 <https://nvd.nist.gov/vuln/detail/CVE-2023-3317> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in mt7921_check_offload_capability
in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921
sub-component in the Linux Kernel. This flaw could allow an attacker to
crash the system after 'features' memory release. This vulnerability could
even lead to a kernel information leak problem.

CVE-2023-33203 <https://nvd.nist.gov/vuln/detail/CVE-2023-33203> CVSSv3
score: 6.4(Medium)
The Linux kernel before 6.2.9 has a race condition and resultant
use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically
proximate attacker unplugs an emac based device.

CVE-2023-33250 <https://nvd.nist.gov/vuln/detail/CVE-2023-33250> CVSSv3
score: 4.4(Medium)
The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range
in drivers/iommu/iommufd/io_pagetable.c.

CVE-2023-33288 <https://nvd.nist.gov/vuln/detail/CVE-2023-33288> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel before 6.2.9. A
use-after-free was found in bq24190_remove in
drivers/power/supply/bq24190_charger.c. It could allow a local attacker to
crash the system due to a race condition.

CVE-2023-3355 <https://nvd.nist.gov/vuln/detail/CVE-2023-3355> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux kernel's
drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds
function, which fails because it lacks a check of the return value of
kmalloc(). This issue allows a local user to crash the system.

CVE-2023-3390 <https://nvd.nist.gov/vuln/detail/CVE-2023-3390> CVSSv3
score: n/a
A use-after-free vulnerability was found in the Linux kernel's
netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible
to use a dangling pointer in the same transaction causing a use-after-free
vulnerability. This flaw allows a local attacker with user access to cause
a privilege escalation issue.
We recommend upgrading past
commit 1240eb93f0616b21c675416516ff3d74798fdc97.

CVE-2023-33951 <https://nvd.nist.gov/vuln/detail/CVE-2023-33951> CVSSv3
score: 5.3(Medium)
A race condition vulnerability was found in the vmwgfx driver in
the Linux kernel. The flaw exists within the handling of GEM objects. The
issue results from improper locking when performing operations on an
object. This flaw allows a local privileged user to disclose information in
the context of the kernel.

CVE-2023-33952 <https://nvd.nist.gov/vuln/detail/CVE-2023-33952> CVSSv3
score: n/a
A double-free vulnerability was found in handling
vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This
issue occurs due to the lack of validating the existence of an object prior
to performing further free operations on the object, which may allow a
local privileged user to escalate privileges and execute code in the
context of the kernel.

CVE-2023-34256 <https://nvd.nist.gov/vuln/detail/CVE-2023-34256> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel before 6.3.3. There is
an out-of-bounds read in crc16 in lib/crc16.c when called from
fs/ext4/super.c because ext4_group_desc_csum does not properly check an
offset. NOTE: this is disputed by third parties because the kernel is not
intended to defend against attackers with the stated "When modifying the
block device while it is mounted by the filesystem" access.

CVE-2023-34319 <https://nvd.nist.gov/vuln/detail/CVE-2023-34319> CVSSv3
score: 7.8(High)
The fix for XSA-423 added logic to Linux'es netback driver to deal with
a frontend splitting a packet in a way such that not all of the headers
would come in one piece. Unfortunately the logic introduced there didn't
account for the extreme case of the entire packet being split into as
many pieces as permitted by the protocol, yet still being smaller than
the area that's specially dealt with to keep all (possible) headers
together. Such an unusual packet would therefore trigger a buffer overrun
in the driver.
- CVE-2023-34324 <https://nvd.nist.gov/vuln/detail/CVE-2023-34324> CVSSv3 score: 4.9(Medium)
Closing of an event channel in the Linux kernel can result in a deadlock.
This happens when the close is being performed in parallel to an unrelated
Xen console action and the handling of a Xen console interrupt in an
unprivileged guest.
The closing of an event channel is e.g. triggered by removal of a
paravirtual device on the other side. As this action will cause console
messages to be issued on the other side quite often, the chance of
triggering the deadlock is not negligible.
Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel
on Arm doesn't use queued RW locks, which are required to trigger the
issue (on Arm32 a waiting writer doesn't block further readers from
getting the lock).
- CVE-2023-35001 <https://nvd.nist.gov/vuln/detail/CVE-2023-35001> CVSSv3 score: n/a
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability;
nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in
any user or network namespace
- CVE-2023-35788 <https://nvd.nist.gov/vuln/detail/CVE-2023-35788> CVSSv3 score: 7.8(High)
An issue was discovered in fl_set_geneve_opt in
net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an
out-of-bounds write in the flower classifier code via
TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of
service or privilege escalation.
- CVE-2023-35823 <https://nvd.nist.gov/vuln/detail/CVE-2023-35823> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in saa7134_finidev in
drivers/media/pci/saa7134/saa7134-core.c.
- CVE-2023-35824 <https://nvd.nist.gov/vuln/detail/CVE-2023-35824> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in dm1105_remove in
drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-35826 <https://nvd.nist.gov/vuln/detail/CVE-2023-35826> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in cedrus_remove in
drivers/staging/media/sunxi/cedrus/cedrus.c.
- CVE-2023-35827 <https://nvd.nist.gov/vuln/detail/CVE-2023-35827> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel through 6.3.8. A
use-after-free was found in ravb_remove in
drivers/net/ethernet/renesas/ravb_main.c.
- CVE-2023-35828 <https://nvd.nist.gov/vuln/detail/CVE-2023-35828> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in renesas_usb3_remove in
drivers/usb/gadget/udc/renesas_usb3.c.
- CVE-2023-35829 <https://nvd.nist.gov/vuln/detail/CVE-2023-35829> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in rkvdec_remove in
drivers/staging/media/rkvdec/rkvdec.c.
- CVE-2023-3609 <https://nvd.nist.gov/vuln/detail/CVE-2023-3609> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
cls_u32 component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, u32_set_parms() will immediately
return an error after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability.
We recommend upgrading past commit
04c55383fa5689357bcdd2c8036725a55ed632bc.
- CVE-2023-3610 <https://nvd.nist.gov/vuln/detail/CVE-2023-3610> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
Flaw in the error handling of bound chains causes a use-after-free
in the abort path of NFT_MSG_NEWRULE. The vulnerability requires
CAP_NET_ADMIN to be triggered.
We recommend upgrading past commit
4bedf9eee016286c835e3d8fa981ddece5338795.
- CVE-2023-3611 <https://nvd.nist.gov/vuln/detail/CVE-2023-3611> CVSSv3 score: n/a
An out-of-bounds write vulnerability in the Linux kernel's
net/sched: sch_qfq component can be exploited to achieve local privilege
escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an
out-of-bounds write because lmax is updated according to packet sizes
without bounds checks.
We recommend upgrading past commit
3e337087c3b5805fe0b8a46ba622a962880b5d64.
- CVE-2023-37453 <https://nvd.nist.gov/vuln/detail/CVE-2023-37453> CVSSv3 score: 4.6(Medium)
An issue was discovered in the USB subsystem in the Linux kernel
through 6.4.2. There is an out-of-bounds access and crash in
read_descriptors in drivers/usb/core/sysfs.c.
- CVE-2023-3772 <https://nvd.nist.gov/vuln/detail/CVE-2023-3772> CVSSv3 score: 4.4(Medium)
A flaw was found in the Linux kernel’s IP framework for
transforming packets (XFRM subsystem). This issue may allow a malicious
user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer
in xfrm_update_ae_params(), leading to a possible kernel crash and denial
of service.
- CVE-2023-3773 <https://nvd.nist.gov/vuln/detail/CVE-2023-3773> CVSSv3 score: 4.4(Medium)
A flaw was found in the Linux kernel’s IP framework for
transforming packets (XFRM subsystem). This issue may allow a malicious
user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of
XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential
leakage of sensitive heap data to userspace.
- CVE-2023-3776 <https://nvd.nist.gov/vuln/detail/CVE-2023-3776> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately
return an error after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability.
We recommend upgrading past commit
0323bce598eea038714f941ce2b22541c46d488f.
- CVE-2023-3777 <https://nvd.nist.gov/vuln/detail/CVE-2023-3777> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
When nf_tables_delrule() is flushing table rules, it is not
checked whether the chain is bound and the chain's owner rule can also
release the objects in certain circumstances.
We recommend upgrading past commit
6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
- CVE-2023-38409 <https://nvd.nist.gov/vuln/detail/CVE-2023-38409> CVSSv3 score: 5.5(Medium)
An issue was discovered in set_con2fb_map in
drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because
an assignment occurs only for the first vc, the fbcon_registered_fb and
fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the
con2fb_map points at the old fb_info).
- CVE-2023-38426 <https://nvd.nist.gov/vuln/detail/CVE-2023-38426> CVSSv3 score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.4. ksmbd
has an out-of-bounds read in smb2_find_context_vals when create_context's
name_len is larger than the tag length.
- CVE-2023-38427 <https://nvd.nist.gov/vuln/detail/CVE-2023-38427> CVSSv3 score: 9.8(Critical)
An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds
read in deassemble_neg_contexts.
- CVE-2023-38428 <https://nvd.nist.gov/vuln/detail/CVE-2023-38428> CVSSv3 score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.4.
fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value
because it does not consider the address of security buffer, leading to an
out-of-bounds read.
- CVE-2023-38429 <https://nvd.nist.gov/vuln/detail/CVE-2023-38429> CVSSv3 score: 9.8(Critical)
An issue was discovered in the Linux kernel before 6.3.4.
fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation
(because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
- CVE-2023-38430 <https://nvd.nist.gov/vuln/detail/CVE-2023-38430> CVSSv3 score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.9. ksmbd
does not validate the SMB request protocol ID, leading to an out-of-bounds
read.
- CVE-2023-38431 <https://nvd.nist.gov/vuln/detail/CVE-2023-38431> CVSSv3 score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/connection.c in ksmbd does not validate the relationship
between the NetBIOS header's length field and the SMB header sizes, via
pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
- CVE-2023-38432 <https://nvd.nist.gov/vuln/detail/CVE-2023-38432> CVSSv3 score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.10.
fs/smb/server/smb2misc.c in ksmbd does not validate the relationship
between the command payload size and the RFC1002 length specification,
leading to an out-of-bounds read.
- CVE-2023-3863 <https://nvd.nist.gov/vuln/detail/CVE-2023-3863> CVSSv3 score: 4.1(Medium)
A use-after-free flaw was found in nfc_llcp_find_local in
net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local
user with special privileges to cause a kernel information leak.
- CVE-2023-3865 <https://nvd.nist.gov/vuln/detail/CVE-2023-3865> CVSSv3 score: n/a
- CVE-2023-3866 <https://nvd.nist.gov/vuln/detail/CVE-2023-3866> CVSSv3 score: n/a
- CVE-2023-3867 <https://nvd.nist.gov/vuln/detail/CVE-2023-3867> CVSSv3 score: n/a
- CVE-2023-39189 <https://nvd.nist.gov/vuln/detail/CVE-2023-39189> CVSSv3 score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux kernel.
The nfnl_osf_add_callback function did not validate the user mode
controlled opt_num field. This flaw allows a local privileged
(CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a
crash or information disclosure.
- CVE-2023-39191 <https://nvd.nist.gov/vuln/detail/CVE-2023-39191> CVSSv3 score: n/a
An improper input validation flaw was found in the eBPF subsystem
in the Linux kernel. The issue occurs due to a lack of proper validation of
dynamic pointers within user-supplied eBPF programs prior to executing
them. This may allow an attacker with CAP_BPF privileges to escalate
privileges and execute arbitrary code in the context of the kernel.
- CVE-2023-39192 <https://nvd.nist.gov/vuln/detail/CVE-2023-39192> CVSSv3 score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux kernel.
The xt_u32 module did not validate the fields in the xt_u32 structure. This
flaw allows a local privileged attacker to trigger an out-of-bounds read by
setting the size fields with a value beyond the array boundaries, leading
to a crash or information disclosure.
- CVE-2023-39193 <https://nvd.nist.gov/vuln/detail/CVE-2023-39193> CVSSv3 score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux kernel.
The sctp_mt_check did not validate the flag_count field. This flaw allows a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure.
- CVE-2023-39194 <https://nvd.nist.gov/vuln/detail/CVE-2023-39194> CVSSv3 score: 4.4(Medium)
A flaw was found in the XFRM subsystem in the Linux kernel. The
specific flaw exists within the processing of state filters, which can
result in a read past the end of an allocated buffer. This flaw allows a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
potentially leading to an information disclosure.
- CVE-2023-39197 <https://nvd.nist.gov/vuln/detail/CVE-2023-39197> CVSSv3 score: n/a
- CVE-2023-39198 <https://nvd.nist.gov/vuln/detail/CVE-2023-39198> CVSSv3 score: 6.4(Medium)
A race condition was found in the QXL driver in the Linux kernel.
The qxl_mode_dumb_create() function dereferences the qobj returned by the
qxl_gem_object_create_with_handle(), but the handle is the only one holding
a reference to it. This flaw allows an attacker to guess the returned
handle value and trigger a use-after-free issue, potentially leading to a
denial of service or privilege escalation.
- CVE-2023-4004 <https://nvd.nist.gov/vuln/detail/CVE-2023-4004> CVSSv3 score: n/a
A use-after-free flaw was found in the Linux kernel's netfilter in
the way a user triggers the nft_pipapo_remove function with the element,
without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash
the system or potentially escalate their privileges on the system.
- CVE-2023-4015 <https://nvd.nist.gov/vuln/detail/CVE-2023-4015> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
On an error when building an nftables rule, deactivating immediate
expressions in nft_immediate_deactivate() can lead to the chain being
unbound and its objects being deactivated but later used.
We recommend upgrading past commit
0a771f7b266b02d262900c75f1e175c7fe76fec2.
- CVE-2023-40283 <https://nvd.nist.gov/vuln/detail/CVE-2023-40283> CVSSv3 score: 7.8(High)
An issue was discovered in l2cap_sock_release in
net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a
use-after-free because the children of an sk are mishandled.
- CVE-2023-40791 <https://nvd.nist.gov/vuln/detail/CVE-2023-40791> CVSSv3 score: 6.3(Medium)
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before
6.4.12 fails to unpin pages in a certain situation, as demonstrated by a
WARNING for try_grab_page.
- CVE-2023-4132 <https://nvd.nist.gov/vuln/detail/CVE-2023-4132> CVSSv3 score: n/a
A use-after-free vulnerability was found in the siano smsusb
module in the Linux kernel. The bug occurs during device initialization
when the siano device is plugged in. This flaw allows a local user to crash
the system, causing a denial of service condition.
- CVE-2023-4133 <https://nvd.nist.gov/vuln/detail/CVE-2023-4133> CVSSv3 score: n/a
A use-after-free vulnerability was found in the cxgb4 driver in
the Linux kernel. The bug occurs when the cxgb4 device is detaching due to
a possible rearming of the flower_stats_timer from the work queue. This
flaw allows a local user to crash the system, causing a denial of service
condition.
- CVE-2023-4134 <https://nvd.nist.gov/vuln/detail/CVE-2023-4134> CVSSv3 score: n/a
- CVE-2023-4147 <https://nvd.nist.gov/vuln/detail/CVE-2023-4147> CVSSv3 score: n/a
A use-after-free flaw was found in the Linux kernel’s Netfilter
functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows
a local user to crash or escalate their privileges on the system.
- CVE-2023-4155 <https://nvd.nist.gov/vuln/detail/CVE-2023-4155> CVSSv3 score: 5.6(Medium)
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV)
in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple
vCPUs can trigger a double fetch race condition vulnerability and invoke
the VMGEXIT handler recursively. If an attacker manages to call
the handler multiple times, they can trigger a stack overflow and cause a
denial of service or potentially guest-to-host escape in kernel
configurations without stack guard pages (CONFIG_VMAP_STACK).
- CVE-2023-4194 <https://nvd.nist.gov/vuln/detail/CVE-2023-4194> CVSSv3 score: n/a
A flaw was found in the Linux kernel's TUN/TAP functionality. This
issue could allow a local user to bypass network filters and gain
unauthorized access to some resources. The original patches fixing
CVE-2023-1076 are incorrect or incomplete. The problem is that the
following upstream commits
  - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid")
  - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid")
pass "inode->i_uid" to sock_init_data_uid() as the last parameter, and
that turns out to not be accurate.
- CVE-2023-4206 <https://nvd.nist.gov/vuln/detail/CVE-2023-4206> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
cls_route component can be exploited to achieve local privilege escalation.
When route4_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.
We recommend upgrading past commit
b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
- CVE-2023-4207 <https://nvd.nist.gov/vuln/detail/CVE-2023-4207> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
cls_fw component can be exploited to achieve local privilege escalation.
When fw_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.
We recommend upgrading past commit
76e42ae831991c828cffa8c37736ebfb831ad5ec.
- CVE-2023-4208 <https://nvd.nist.gov/vuln/detail/CVE-2023-4208> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
cls_u32 component can be exploited to achieve local privilege escalation.
When u32_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.
We recommend upgrading past commit
3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
- CVE-2023-4244 <https://nvd.nist.gov/vuln/detail/CVE-2023-4244> CVSSv3 score: 7(High)
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
Due to a race condition between nf_tables netlink control plane
transaction and nft_set element garbage collection, it is possible to
underflow the reference counter causing a use-after-free vulnerability.
We recommend upgrading past commit
3e91b0ebd994635df2346353322ac51ce84ce6d8.
- CVE-2023-4273 <https://nvd.nist.gov/vuln/detail/CVE-2023-4273> CVSSv3 score: 6.7(Medium)
A flaw was found in the exFAT driver of the Linux kernel. The
vulnerability exists in the implementation of the file name reconstruction
function, which is responsible for reading file name entries from a
directory index and merging file name parts belonging to one file into a
single long file name. Since the file name characters are copied into a
stack variable, a local privileged attacker could use this flaw to overflow
the kernel stack.
- CVE-2023-42752 <https://nvd.nist.gov/vuln/detail/CVE-2023-42752> CVSSv3 score: n/a
An integer overflow flaw was found in the Linux kernel. This issue
leads to the kernel allocating skb_shared_info in the userspace,
which is exploitable in systems without SMAP protection since
skb_shared_info contains references to function pointers.
- CVE-2023-42753 <https://nvd.nist.gov/vuln/detail/CVE-2023-42753> CVSSv3 score: 7.8(High)
An array indexing vulnerability was found in the netfilter
subsystem of the Linux kernel. A missing macro could lead to a
miscalculation of the h->nets array offset, providing attackers
with the primitive to arbitrarily increment/decrement a memory buffer
out-of-bound. This issue may allow a local user to crash the system or
potentially escalate their privileges on the system.
- CVE-2023-42754 <https://nvd.nist.gov/vuln/detail/CVE-2023-42754> CVSSv3 score: n/a
A NULL pointer dereference flaw was found in the Linux kernel ipv4
stack. The socket buffer (skb) was assumed to be associated with a device
before calling __ip_options_compile, which is not always the case if the
skb is re-routed by ipvs. This issue may allow a local user with
CAP_NET_ADMIN privileges to crash the system.
- CVE-2023-42756 <https://nvd.nist.gov/vuln/detail/CVE-2023-42756> CVSSv3 score: 4.7(Medium)
A flaw was found in the Netfilter subsystem of the Linux kernel. A
race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a
kernel panic due to the invocation of __ip_set_put on a wrong set.
This issue may allow a local user to crash the system.
- CVE-2023-44466 <https://nvd.nist.gov/vuln/detail/CVE-2023-44466> CVSSv3 score: 8.8(High)
An issue was discovered in net/ceph/messenger_v2.c in the Linux
kernel before 6.4.5. There is an integer signedness error, leading to a
buffer overflow and remote code execution via HELLO or one of the AUTH
frames. This occurs because of an untrusted length taken from a TCP packet
in ceph_decode_32.
- CVE-2023-4569 <https://nvd.nist.gov/vuln/detail/CVE-2023-4569> CVSSv3 score: 5.5(Medium)
A memory leak flaw was found in nft_set_catchall_flush in
net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a
local attacker to cause double-deactivations of catchall elements, which
can result in a memory leak.
- CVE-2023-45862 <https://nvd.nist.gov/vuln/detail/CVE-2023-45862> CVSSv3 score: 5.5(Medium)
An issue was discovered in drivers/usb/storage/ene_ub6250.c for
the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object
could potentially extend beyond the end of an allocation.
- CVE-2023-45863 <https://nvd.nist.gov/vuln/detail/CVE-2023-45863> CVSSv3 score: 6.4(Medium)
An issue was discovered in lib/kobject.c in the Linux kernel
before 6.2.3. With root access, an attacker can trigger a race condition
that results in a fill_kobj_path out-of-bounds write.
- CVE-2023-45871 <https://nvd.nist.gov/vuln/detail/CVE-2023-45871> CVSSv3 score: 7.5(High)
An issue was discovered in
drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux
kernel before 6.5.3. A buffer size may not be adequate for frames larger
than the MTU.
- CVE-2023-45898 <https://nvd.nist.gov/vuln/detail/CVE-2023-45898> CVSSv3 score: 7.8(High)
The Linux kernel before 6.5.4 has an es1 use-after-free in
fs/ext4/extents_status.c, related to ext4_es_insert_extent.
- CVE-2023-4611 <https://nvd.nist.gov/vuln/detail/CVE-2023-4611> CVSSv3 score: 6.3(Medium)
A use-after-free flaw was found in mm/mempolicy.c in the memory
management subsystem in the Linux Kernel. This issue is caused by a race
between mbind() and VMA-locked page fault, and may allow a local attacker
to crash the system or lead to a kernel information leak.
- CVE-2023-4623 <https://nvd.nist.gov/vuln/detail/CVE-2023-4623> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve
local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag
set) has a parent without a link-sharing curve, then init_vf() will call
vttree_insert() on the parent, but vttree_remove() will be skipped in
update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit
b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
- CVE-2023-46813 <https://nvd.nist.gov/vuln/detail/CVE-2023-46813> CVSSv3 score: 7(High)
An issue was discovered in the Linux kernel before 6.5.9,
exploitable by local users with userspace access to MMIO registers.
Incorrect access checking in the #VC handler and instruction emulation of
the SEV-ES emulation of MMIO accesses could lead to arbitrary write access
to kernel memory (and thus privilege escalation). This depends on a race
condition through which userspace can replace an instruction before the #VC
handler reads it.
- CVE-2023-46862 <https://nvd.nist.gov/vuln/detail/CVE-2023-46862> CVSSv3 score: 4.7(Medium)
An issue was discovered in the Linux kernel through 6.5.9. During
a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL
pointer dereference can occur.
- CVE-2023-4921 <https://nvd.nist.gov/vuln/detail/CVE-2023-4921> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's net/sched:
sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending
network packets triggers use-after-free in qfq_dequeue() due to the
incorrect .peek handler of sch_plug and lack of error checking in
agg_dequeue().
We recommend upgrading past commit
8fc134fee27f2263988ae38920bc03da416b03d8.
- CVE-2023-5090 <https://nvd.nist.gov/vuln/detail/CVE-2023-5090> CVSSv3 score: 5.5(Medium)
A flaw was found in KVM. An improper check in
svm_set_x2apic_msr_interception() may allow direct access to host x2apic
msrs when the guest resets its apic, potentially leading to a denial of
service condition.
- CVE-2023-5158 <https://nvd.nist.gov/vuln/detail/CVE-2023-5158> CVSSv3 score: 5.5(Medium)
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c
in the host side of a virtio ring in the Linux Kernel. This issue may
result in a denial of service from guest to host via a zero-length
descriptor.
- CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779> CVSSv3 score: n/a
- CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780> CVSSv3 score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a
vcc_recvmsg race condition.
- CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781> CVSSv3 score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an
atalk_recvmsg race condition.
- CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782> CVSSv3 score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
rose_ioctl in net/rose/af_rose.c has a use-after-free because of a
rose_accept race condition.
- CVE-2023-5197 <https://nvd.nist.gov/vuln/detail/CVE-2023-5197> CVSSv3 score: 6.6(Medium)
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
Addition and removal of rules from chain bindings within the same
transaction leads to a use-after-free.
We recommend upgrading past commit
f15f29fd4779be8a418b66e9d52979bb6d6c2325.
- CVE-2023-5345 <https://nvd.nist.gov/vuln/detail/CVE-2023-5345> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's fs/smb/client
component can be exploited to achieve local privilege escalation.
In case of an error in smb3_fs_context_parse_param, ctx->password
was freed but the field was not set to NULL which could lead to double free.
We recommend upgrading past commit
e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
- CVE-2023-5633 <https://nvd.nist.gov/vuln/detail/CVE-2023-5633> CVSSv3 score: n/a
The reference count changes made as part of the CVE-2023-33951 and
CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory
objects were handled when they were being used to store a surface. When
running inside a VMware guest with 3D acceleration enabled, a local,
unprivileged user could potentially use this flaw to escalate their
privileges.
- CVE-2023-5717 <https://nvd.nist.gov/vuln/detail/CVE-2023-5717> CVSSv3 score: n/a
A heap out-of-bounds write vulnerability in the Linux kernel's
Linux Kernel Performance Events (perf) component can be exploited to
achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is
smaller than its child's sibling_list, it can increment or write to memory
locations outside of the allocated buffer.
We recommend upgrading past commit
32671e3799ca2e4590773fd0e63aaa4229e50c06.
- CVE-2023-5972 <https://nvd.nist.gov/vuln/detail/CVE-2023-5972> CVSSv3 score: 7.8(High)
A null pointer dereference flaw was found in the nft_inner.c
functionality of netfilter in the Linux kernel. This issue could allow a
local user to crash the system or escalate their privileges on the system.
- CVE-2023-6039 <https://nvd.nist.gov/vuln/detail/CVE-2023-6039> CVSSv3 score: n/a
A use-after-free flaw was found in lan78xx_disconnect in
drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in
the Linux Kernel. This flaw allows a local attacker to crash the system
when the LAN78XX USB device detaches.
- CVE-2023-6111 <https://nvd.nist.gov/vuln/detail/CVE-2023-6111> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
The function nft_trans_gc_catchall did not remove the catchall set
element from the catchall_list when the argument sync is true, making it
possible to free a catchall set element many times.
We recommend upgrading past commit
93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.
- CVE-2023-6121 <https://nvd.nist.gov/vuln/detail/CVE-2023-6121> CVSSv3 score: n/a
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP
subsystem in the Linux kernel. This issue may allow a remote attacker to
send a crafted TCP packet, triggering a heap-based buffer overflow that
results in kmalloc data being printed and potentially leaked to the kernel
ring buffer (dmesg).
- CVE-2023-6176 <https://nvd.nist.gov/vuln/detail/CVE-2023-6176> CVSSv3 score: 7.8(High)
A null pointer dereference flaw was found in the Linux kernel API
for the cryptographic algorithm scatterwalk functionality. This issue
occurs when a user constructs a malicious packet with specific socket
configuration, which could allow a local user to crash the system or
escalate their privileges on the system.
- CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531> CVSSv3 score: n/a
- CVE-2023-6546 <https://nvd.nist.gov/vuln/detail/CVE-2023-6546> CVSSv3 score: 7(High)
A race condition was found in the GSM 0710 tty multiplexor in the
Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF
ioctl on the same tty file descriptor with the gsm line discipline enabled,
and can lead to a use-after-free problem on a struct gsm_dlci while
restarting the gsm mux. This could allow a local unprivileged user to
escalate their privileges on the system.
- CVE-2023-6560 <https://nvd.nist.gov/vuln/detail/CVE-2023-6560> CVSSv3 score: n/a
An out-of-bounds memory access flaw was found in the io_uring
SQ/CQ rings functionality in the Linux kernel. This issue could allow a
local user to crash the system.
- CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606> CVSSv3 score: n/a
An out-of-bounds read vulnerability was found in smbCalcSize in
fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local
attacker to crash the system or leak internal kernel information.
- CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622> CVSSv3 score: n/a
A null pointer dereference vulnerability was found in
nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux
kernel. This issue may allow a local attacker with CAP_NET_ADMIN user
privilege to trigger a denial of service.
- CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817> CVSSv3 score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during
set walk, which could lead to double deactivations of PIPAPO (Pile Packet
Policies) elements, leading to a use-after-free.
We recommend upgrading past commit
317eb9685095678f2c9f5a8189de698c5354316a.
- CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931> CVSSv3 score: n/a
A heap out-of-bounds write vulnerability in the Linux kernel's
Performance Events system component can be exploited to achieve local
privilege escalation.
A perf_event's read_size can overflow, leading to a heap
out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit
382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
- CVE-2023-6932 <https://nvd.nist.gov/vuln/detail/CVE-2023-6932> CVSSv3
score: 7(High)
A use-after-free vulnerability in the Linux kernel's ipv4: igmp
component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer to be mistakenly
registered on an RCU read-locked object which is freed by another thread.
We recommend upgrading past commit
e2b706c691905fe78468c361aaabc719d0a496f1.
- CVE-2023-7192 <https://nvd.nist.gov/vuln/detail/CVE-2023-7192> CVSSv3
score: 4.4(Medium)
A memory leak problem was found in ctnetlink_create_conntrack in
net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may
allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of
service (DoS) attack due to a refcount overflow.
- CVE-2024-0193 <https://nvd.nist.gov/vuln/detail/CVE-2024-0193> CVSSv3
score: 6.7(Medium)
A use-after-free flaw was found in the netfilter subsystem of the
Linux kernel. If the catchall element is garbage-collected when the pipapo
set is removed, the element can be deactivated twice. This can cause a
use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing
a local unprivileged user with CAP_NET_ADMIN capability to escalate their
privileges on the system.
- CVE-2024-0443 <https://nvd.nist.gov/vuln/detail/CVE-2024-0443> CVSSv3
score: n/a
A flaw was found in the blkgs destruction path in
block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory
leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is
only called at css_release_work_fn(), which is called when the blkcg
reference count reaches 0. This circular dependency will prevent blkcg and
some blkgs from being freed after they are made offline. This issue may
allow an attacker with local access to cause system instability, such as
an out-of-memory error.

binutils
- CVE-2023-1972 <https://nvd.nist.gov/vuln/detail/CVE-2023-1972> CVSSv3
score: 6.5(Medium)
A potential heap based buffer overflow was found in
_bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of
availability.

curl
- CVE-2023-46218 <https://nvd.nist.gov/vuln/detail/CVE-2023-46218> CVSSv3
score: 6.5(Medium)
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with domain=co.UK when the URL used a lower
case hostname curl.co.uk, even though co.uk is listed as a PSL domain.
- CVE-2023-46219 <https://nvd.nist.gov/vuln/detail/CVE-2023-46219> CVSSv3
score: 5.3(Medium)
When saving HSTS data to an excessively long file name, curl could end up
removing all contents, making subsequent requests using that file unaware of
the HSTS status they should otherwise use.

gnutls
- CVE-2023-5981 <https://nvd.nist.gov/vuln/detail/CVE-2023-5981> CVSSv3
score: n/a
A vulnerability was found that the response times to malformed
ciphertexts in RSA-PSK ClientKeyExchange differ from response times of
ciphertexts with correct PKCS#1 v1.5 padding.

intel-microcode
- CVE-2023-23583 <https://nvd.nist.gov/vuln/detail/CVE-2023-23583> CVSSv3
score: 7.8(High)
A sequence of processor instructions leading to unexpected behavior on
some Intel® Processors may allow an authenticated user to potentially
enable escalation of privilege and/or information disclosure and/or denial
of service via local access.

libxml2
- CVE-2023-45322 <https://nvd.nist.gov/vuln/detail/CVE-2023-45322> CVSSv3
score: 6.5(Medium)
libxml2 through 2.11.5 has a use-after-free that can only occur
after a certain memory allocation fails. This occurs in xmlUnlinkNode in
tree.c. NOTE: the vendor's position is "I don't think these issues are
critical enough to warrant a CVE ID … because an attacker typically can't
control when memory allocations fail."

openssh
- CVE-2023-48795 <https://nvd.nist.gov/vuln/detail/CVE-2023-48795> CVSSv3
score: 5.9(Medium)
The SSH transport protocol with certain OpenSSH extensions, found
in OpenSSH before 9.6 and other products, allows remote attackers to bypass
integrity checks such that some packets are omitted (from the extension
negotiation message), and a client and server may consequently end up with
a connection for which some security features have been downgraded or
disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet
Protocol (BPP), implemented by these extensions, mishandles the handshake
phase and mishandles use of sequence numbers. For example, there is an
effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with
Encrypt-then-MAC). The bypass occurs in
chacha20...@openssh.com and (if CBC is used) the
-e...@openssh.com MAC algorithms. This also affects Maverick
Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh
before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2,
golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2
through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1,
Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate
pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH
through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX
CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP
before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd
through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2
6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8,
PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4,
Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH
Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through
0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before
1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the
Russh crate before 0.40.2 for Rust.
- CVE-2023-51384 <https://nvd.nist.gov/vuln/detail/CVE-2023-51384> CVSSv3
score: 5.5(Medium)
In ssh-agent in OpenSSH before 9.6, certain destination
constraints can be incompletely applied. When destination constraints are
specified during addition of PKCS#11-hosted private keys, these constraints
are only applied to the first key, even if a PKCS#11 token returns multiple
keys.
- CVE-2023-51385 <https://nvd.nist.gov/vuln/detail/CVE-2023-51385> CVSSv3
score: 6.5(Medium)
In ssh in OpenSSH before 9.6, OS command injection might occur if
a user name or host name has shell metacharacters, and this name is
referenced by an expansion token in certain situations. For example, an
untrusted Git repository can have a submodule with shell metacharacters in
a user name or host name.

openssl
- CVE-2023-3817 <https://nvd.nist.gov/vuln/detail/CVE-2023-3817> CVSSv3
score: 5.3(Medium)
Issue summary: Checking excessively long DH keys or parameters may be very
slow.
Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience
long delays. Where the key or parameters that are being checked have been
obtained from an untrusted source this may lead to a Denial of Service.
The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also
trigger an overly long computation during some of these checks. A correct q
value, if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.
An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may similarly
be affected. The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().
Also vulnerable are the OpenSSL dhparam and pkeyparam command line
applications when using the "-check" option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
- CVE-2023-5363 <https://nvd.nist.gov/vuln/detail/CVE-2023-5363> CVSSv3
score: 7.5(High)
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation or
overruns during the initialisation of some symmetric ciphers.
Impact summary: A truncation in the IV can result in non-uniqueness, which
could result in loss of confidentiality for some cipher modes.
When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key
and IV have been established. Any alterations to the key length, via the
"keylen" parameter or the IV length, via the "ivlen" parameter, within the
OSSL_PARAM array will not take effect as intended, potentially causing
truncation or overreading of these values. The following ciphers and cipher
modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss
of confidentiality. For example, when following NIST's SP 800-38D section
8.2.1 guidance for constructing a deterministic IV for AES in GCM mode,
truncation of the counter portion could lead to IV reuse.
Both truncations and overruns of the key and overruns of the IV will produce
incorrect results and could, in some cases, trigger a memory exception.
However, these issues are not currently assessed as security critical.
Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application
being vulnerable to this to be quite low. However if an application is
vulnerable then this issue is considered very serious. For these reasons we
have assessed this issue as Moderate severity overall.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the
issue lies outside of the FIPS provider boundary.
OpenSSL 3.1 and 3.0 are vulnerable to this issue.
- CVE-2023-5678 <https://nvd.nist.gov/vuln/detail/CVE-2023-5678> CVSSv3
score: 5.3(Medium)
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() doesn't make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.
Likewise, while DH_generate_key() performs a check for an excessively large P,
it doesn't check for an excessively large Q.
An application that calls DH_generate_key() or DH_check_pub_key() and supplies
a key or parameters obtained from an untrusted source could be vulnerable to a
Denial of Service attack.
DH_generate_key() and DH_check_pub_key() are also called by a number of other
OpenSSL functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

perl
- CVE-2023-47038 <https://nvd.nist.gov/vuln/detail/CVE-2023-47038> CVSSv3
score: 7.8(High)
A vulnerability was found in perl. This issue occurs when a
crafted regular expression is compiled by perl, which can allow an attacker
controlled byte buffer overflow in a heap allocated buffer.

traceroute
- CVE-2023-46316 <https://nvd.nist.gov/vuln/detail/CVE-2023-46316> CVSSv3
score: 5.5(Medium)
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper
scripts do not properly parse command lines.

vim
- CVE-2023-5344 <https://nvd.nist.gov/vuln/detail/CVE-2023-5344> CVSSv3
score: 7.5(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to
9.0.1969.
- CVE-2023-5441 <https://nvd.nist.gov/vuln/detail/CVE-2023-5441> CVSSv3
score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim prior to
20d161ace307e28690229b68584f2d84556f8960.
- CVE-2023-5535 <https://nvd.nist.gov/vuln/detail/CVE-2023-5535> CVSSv3
score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
- CVE-2023-46246 <https://nvd.nist.gov/vuln/detail/CVE-2023-46246> CVSSv3
score: 5.5(Medium)
Vim is an improved version of the good old UNIX editor Vi.
Heap-use-after-free in memory allocated in the function
ga_grow_inner in the file src/alloc.c at line 748, which is
freed in the file src/ex_docmd.c in the function do_cmdline at
line 1010 and then used again in src/cmdhist.c at line 759. When
using the :history command, it's possible that the provided
argument overflows the accepted value, causing an integer overflow and
potentially later a use-after-free. This vulnerability has been patched in
version 9.0.2068.

<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Beta-381510>Beta 3815.1.0

Go
- CVE-2023-39326 <https://nvd.nist.gov/vuln/detail/CVE-2023-39326> CVSSv3
score: 5.3(Medium)
A malicious HTTP sender can use chunk extensions to cause a
receiver reading from a request or response body to read many more bytes
from the network than are in the body. A malicious HTTP client can further
exploit this to cause a server to automatically read a large amount of data
(up to about 1GiB) when a handler fails to read the entire body of a
request. Chunk extensions are a little-used HTTP feature which permit
including additional metadata in a request or response body sent using the
chunked encoding. The net/http chunked encoding reader discards this
metadata. A sender can exploit this by inserting a large metadata segment
with each byte transferred. The chunk reader now produces an error if the
ratio of real body to encoded bytes grows too small.
- CVE-2023-45285 <https://nvd.nist.gov/vuln/detail/CVE-2023-45285> CVSSv3
score: 7.5(High)
Using go get to fetch a module with the ".git" suffix may
unexpectedly fall back to the insecure "git://" protocol if the module is
unavailable via the secure "https://" and "git+ssh://" protocols, even if
GOINSECURE is not set for said module. This only affects users who are not
using the module proxy and are fetching modules directly (i.e. GOPROXY=off).

Linux
- CVE-2023-1193 <https://nvd.nist.gov/vuln/detail/CVE-2023-1193> CVSSv3
score: n/a
A use-after-free flaw was found in setup_async_work in the KSMBD
implementation of the in-kernel samba server and CIFS in the Linux kernel.
This issue could allow an attacker to crash the system by accessing freed
work.
- CVE-2023-51779 <https://nvd.nist.gov/vuln/detail/CVE-2023-51779> CVSSv3
score: n/a
- CVE-2023-51780 <https://nvd.nist.gov/vuln/detail/CVE-2023-51780> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a
vcc_recvmsg race condition.
- CVE-2023-51781 <https://nvd.nist.gov/vuln/detail/CVE-2023-51781> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an
atalk_recvmsg race condition.
- CVE-2023-51782 <https://nvd.nist.gov/vuln/detail/CVE-2023-51782> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
rose_ioctl in net/rose/af_rose.c has a use-after-free because of a
rose_accept race condition.
- CVE-2023-6531 <https://nvd.nist.gov/vuln/detail/CVE-2023-6531> CVSSv3
score: n/a
- CVE-2023-6606 <https://nvd.nist.gov/vuln/detail/CVE-2023-6606> CVSSv3
score: n/a
An out-of-bounds read vulnerability was found in smbCalcSize in
fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local
attacker to crash the system or leak internal kernel information.
- CVE-2023-6622 <https://nvd.nist.gov/vuln/detail/CVE-2023-6622> CVSSv3
score: n/a
A null pointer dereference vulnerability was found in
nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux
kernel. This issue may allow a local attacker with CAP_NET_ADMIN user
privilege to trigger a denial of service.
- CVE-2023-6817 <https://nvd.nist.gov/vuln/detail/CVE-2023-6817> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during
set walk, which could lead to double deactivations of PIPAPO (Pile Packet
Policies) elements, leading to a use-after-free.
We recommend upgrading past commit
317eb9685095678f2c9f5a8189de698c5354316a.
- CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931> CVSSv3
score: n/a
A heap out-of-bounds write vulnerability in the Linux kernel's
Performance Events system component can be exploited to achieve local
privilege escalation.
A perf_event's read_size can overflow, leading to a heap
out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit
382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

VMWare: open-vm-tools
- CVE-2023-34058 <https://nvd.nist.gov/vuln/detail/CVE-2023-34058> CVSSv3
score: 7.5(High)
VMware Tools contains a SAML token signature bypass
vulnerability. A malicious actor that has been granted Guest Operation
Privileges
<https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html>
in a target virtual machine may be able to elevate their privileges if that
target virtual machine has been assigned a more privileged Guest Alias
<https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html>.
- CVE-2023-34059 <https://nvd.nist.gov/vuln/detail/CVE-2023-34059> CVSSv3
score: 7(High)
open-vm-tools contains a file descriptor hijack vulnerability in
the vmware-user-suid-wrapper. A malicious actor with non-root privileges
may be able to hijack the /dev/uinput file descriptor allowing them to
simulate user inputs.

nghttp2
- CVE-2023-44487 <https://nvd.nist.gov/vuln/detail/CVE-2023-44487> CVSSv3
score: 7.5(High)
The HTTP/2 protocol allows a denial of service (server resource
consumption) because request cancellation can reset many streams quickly,
as exploited in the wild in August through October 2023.

samba
- CVE-2023-4091 <https://nvd.nist.gov/vuln/detail/CVE-2023-4091> CVSSv3
score: n/a
A vulnerability was discovered in Samba, where the flaw allows SMB
clients to truncate files, even with read-only permissions when the Samba
VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls =
yes". The SMB protocol allows opening files when the client requests
read-only access but then implicitly truncates the opened file to 0 bytes
if the client specifies a separate OVERWRITE create disposition request.
The issue arises in configurations that bypass kernel file system
permissions checks, relying solely on Samba's permissions.

zlib
- CVE-2023-45853 <https://nvd.nist.gov/vuln/detail/CVE-2023-45853> CVSSv3
score: 9.8(Critical)
MiniZip in zlib through 1.3 has an integer overflow and resultant
heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename,
comment, or extra field. NOTE: MiniZip is not a supported part of the zlib
product. NOTE: pyminizip through 0.2.6 is also vulnerable because it
bundles an affected zlib version, and exposes the applicable MiniZip code
through its compress API.

<https://hackmd.io/F3S7b5dqT-ax9wK6c8G3eQ#Stable-376020>Stable 3760.2.0

Go
- CVE-2023-39323 <https://nvd.nist.gov/vuln/detail/CVE-2023-39323> CVSSv3
score: 8.1(High)
Line directives ("//line") can be used to bypass the restrictions
on "//go:cgo_" directives, allowing blocked linker and compiler flags to be
passed during compilation. This can result in unexpected execution of
arbitrary code when running "go build". The line directive requires the
absolute path of the file in which the directive lives, which makes
exploiting this issue significantly more complex.
- CVE-2023-39322 <https://nvd.nist.gov/vuln/detail/CVE-2023-39322> CVSSv3
score: 7.5(High)
QUIC connections do not set an upper bound on the amount of data
buffered when reading post-handshake messages, allowing a malicious QUIC
connection to cause unbounded memory growth. With fix, connections now
consistently reject messages larger than 65KiB in size.
- CVE-2023-39321 <https://nvd.nist.gov/vuln/detail/CVE-2023-39321> CVSSv3
score: 7.5(High)
Processing an incomplete post-handshake message for a QUIC
connection can cause a panic.
- CVE-2023-39320 <https://nvd.nist.gov/vuln/detail/CVE-2023-39320> CVSSv3
score: 9.8(Critical)
The go.mod toolchain directive, introduced in Go 1.21, can be
leveraged to execute scripts and binaries relative to the root of the
module when the "go" command was executed within the module. This applies
to modules downloaded using the "go" command from the module proxy, as well
as modules downloaded directly using VCS software.
- CVE-2023-39319 <https://nvd.nist.gov/vuln/detail/CVE-2023-39319> CVSSv3
score: 6.1(Medium)
The html/template package does not apply the proper rules for
handling occurrences of "<script", "<!--", and "</script" within JS literals
in <script> contexts. This may cause the template parser to improperly
consider script contexts to be terminated early, causing actions to be
improperly escaped. This could be leveraged to perform an XSS attack.
- CVE-2023-39318 <https://nvd.nist.gov/vuln/detail/CVE-2023-39318> CVSSv3
score: 6.1(Medium)
The html/template package does not properly handle HTML-like "<!--" and
"-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts.
This may cause the template parser to improperly interpret the contents of
<script> contexts, causing actions to be improperly escaped. This may be
leveraged to perform an XSS attack.
- CVE-2023-29409 <https://nvd.nist.gov/vuln/detail/CVE-2023-29409> CVSSv3
score: 5.3(Medium)
Extremely large RSA keys in certificate chains can cause a
client/server to expend significant CPU time verifying signatures. With
fix, the size of RSA keys transmitted during handshakes is restricted to <=
8192 bits. Based on a survey of publicly trusted RSA keys, there are
currently only three certificates in circulation with keys larger than
this, and all three appear to be test certificates that are not actively
deployed. It is possible there are larger keys in use in private PKIs, but
we target the web PKI, so causing breakage here in the interests of
increasing the default safety of users of crypto/tls seems reasonable.
- CVE-2023-29406 <https://nvd.nist.gov/vuln/detail/CVE-2023-29406> CVSSv3
score: 6.5(Medium)
The HTTP/1 client does not fully validate the contents of the Host
header. A maliciously crafted Host header can inject additional headers or
entire requests. With fix, the HTTP/1 client now refuses to send requests
containing an invalid Request.Host or Request.URL.Host value.
- CVE-2023-29405 <https://nvd.nist.gov/vuln/detail/CVE-2023-29405> CVSSv3
score: 9.8(Critical)
The go command may execute arbitrary code at build time when using
cgo. This may occur when running "go get" on a malicious module, or when
running any other command which builds untrusted code. This can be
triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags
containing embedded spaces are mishandled, allowing disallowed flags to be
smuggled through the LDFLAGS sanitization by including them in the argument
of another flag. This only affects usage of the gccgo compiler.
- CVE-2023-29404 <https://nvd.nist.gov/vuln/detail/CVE-2023-29404> CVSSv3
score: 9.8(Critical)
The go command may execute arbitrary code at build time when using
cgo. This may occur when running "go get" on a malicious module, or when
running any other command which builds untrusted code. This can be
triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The
arguments for a number of flags which are non-optional are incorrectly
considered optional, allowing disallowed flags to be smuggled through the
LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
- CVE-2023-29403 <https://nvd.nist.gov/vuln/detail/CVE-2023-29403> CVSSv3
score: 7.8(High)
On Unix platforms, the Go runtime does not behave differently when
a binary is run with the setuid/setgid bits. This can be dangerous in
certain cases, such as when dumping memory state, or assuming the status of
standard i/o file descriptors. If a setuid/setgid binary is executed with
standard I/O file descriptors closed, opening any files can result in
unexpected content being read or written with elevated privileges.
Similarly, if a setuid/setgid program is terminated, either via panic or
signal, it may leak the contents of its registers.
- CVE-2023-29402 <https://nvd.nist.gov/vuln/detail/CVE-2023-29402> CVSSv3
score: 9.8(Critical)
The go command may generate unexpected code at build time when
using cgo. This may result in unexpected behavior when running a go program
which uses cgo. This may occur when running an untrusted module which
contains directories with newline characters in their names. Modules which
are retrieved using the go command, i.e. via "go get", are not affected
(modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be
affected).

Linux
- CVE-2020-36516 <https://nvd.nist.gov/vuln/detail/CVE-2020-36516> CVSSv3
score: 5.9(Medium)
An issue was discovered in the Linux kernel through 5.16.11.
The mixed IPID assignment method with the hash-based IPID assignment policy
allows an off-path attacker to inject data into a victim's TCP session or
terminate that session.
- CVE-2021-26401 <https://nvd.nist.gov/vuln/detail/CVE-2021-26401> CVSSv3
score: 5.6(Medium)
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate
CVE-2017-5715 on some AMD CPUs.
- CVE-2021-33135 <https://nvd.nist.gov/vuln/detail/CVE-2021-33135> CVSSv3
score: 5.5(Medium)
Uncontrolled resource consumption in the Linux kernel drivers
for Intel® SGX may allow an authenticated user to potentially enable denial
of service via local access.
- CVE-2021-33655 <https://nvd.nist.gov/vuln/detail/CVE-2021-33655> CVSSv3
score: 6.7(Medium)
When sending malicious data to the kernel via the ioctl cmd
FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds.
- CVE-2021-3923 <https://nvd.nist.gov/vuln/detail/CVE-2021-3923> CVSSv3
score: 2.3(Low)
A flaw was found in the Linux kernel's implementation of RDMA
over infiniband. An attacker with a privileged local account can leak
kernel stack information when issuing commands to the
/dev/infiniband/rdma_cm device node. While this access is unlikely to leak
sensitive user information, it can be further used to defeat existing
kernel protection mechanisms.
- CVE-2021-4155 <https://nvd.nist.gov/vuln/detail/CVE-2021-4155> CVSSv3
score: 5.5(Medium)
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in
the XFS filesystem allowed for size increase of files with unaligned size.
A local attacker could use this flaw to leak data on the XFS filesystem
otherwise not accessible to them.
- CVE-2021-4197 <https://nvd.nist.gov/vuln/detail/CVE-2021-4197> CVSSv3
score: 7.8(High)
An unprivileged write to the file handler flaw in the Linux
kernel's control groups and namespaces subsystem was found in the way users
have access to some less privileged processes that are controlled by cgroups
and have a higher privileged parent process. It affects both the cgroup2
and cgroup1 versions of control groups. A local user could use this flaw to
crash the system or escalate their privileges on the system.
- CVE-2021-43976 <https://nvd.nist.gov/vuln/detail/CVE-2021-43976> CVSSv3
score: 4.6(Medium)
In the Linux kernel through 5.15.2, mwifiex_usb_recv in
drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can
connect a crafted USB device) to cause a denial of service (skb_over_panic).
- CVE-2021-44879 <https://nvd.nist.gov/vuln/detail/CVE-2021-44879> CVSSv3
score: 5.5(Medium)
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before
5.16.3, special files are not considered, leading to a move_data_page NULL
pointer dereference.
- CVE-2021-45469 <https://nvd.nist.gov/vuln/detail/CVE-2021-45469> CVSSv3
score: 7.8(High)
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel
through 5.15.11, there is an out-of-bounds memory access when an inode has
an invalid last xattr entry.
- CVE-2022-0001 <https://nvd.nist.gov/vuln/detail/CVE-2022-0001> CVSSv3
score: 6.5(Medium)
Non-transparent sharing of branch predictor selectors between
contexts in some Intel® Processors may allow an authorized user to
potentially enable information disclosure via local access.
- CVE-2022-0002 <https://nvd.nist.gov/vuln/detail/CVE-2022-0002> CVSSv3
score: 6.5(Medium)
Non-transparent sharing of branch predictor within a context in
some Intel® Processors may allow an authorized user to potentially enable
information disclosure via local access.
- CVE-2022-0168 <https://nvd.nist.gov/vuln/detail/CVE-2022-0168> CVSSv3
score: 4.4(Medium)
A denial of service (DOS) issue was found in the Linux kernel’s
smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
File System (CIFS) due to an incorrect return from the memdup_user
function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to
crash the system.
- CVE-2022-0185 <https://nvd.nist.gov/vuln/detail/CVE-2022-0185> CVSSv3
score: 8.4(High)
A heap-based buffer overflow flaw was found in the way the
legacy_parse_param function in the Filesystem Context functionality of the
Linux kernel verified the supplied parameter's length. An unprivileged (in
case of unprivileged user namespaces enabled, otherwise needs namespaced
CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not
support the Filesystem Context API (and thus falls back to legacy handling)
could use this flaw to escalate their privileges on the system.
- CVE-2022-0330 <https://nvd.nist.gov/vuln/detail/CVE-2022-0330> CVSSv3
score: 7.8(High)
A random memory access flaw was found in the Linux kernel's GPU
i915 kernel driver functionality in the way a user may run malicious code
on the GPU. This flaw allows a local user to crash the system or escalate
their privileges on the system.
- CVE-2022-0382 <https://nvd.nist.gov/vuln/detail/CVE-2022-0382> CVSSv3
score: 5.5(Medium)
An information leak flaw was found due to uninitialized memory
in the Linux kernel's TIPC protocol subsystem, in the way a user sends a
TIPC datagram to one or more destinations. This flaw allows a local user to
read some kernel memory. This issue is limited to no more than 7 bytes, and
the user cannot control what is read. This flaw affects the Linux kernel
versions prior to 5.17-rc1.
-

CVE-2022-0433 <https://nvd.nist.gov/vuln/detail/CVE-2022-0433> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux kernel's
BPF subsystem in the way a user triggers the map_get_next_key function of
the BPF bloom filter. This flaw allows a local user to crash the system.
This flaw affects Linux kernel versions prior to 5.17-rc1.
-

CVE-2022-0435 <https://nvd.nist.gov/vuln/detail/CVE-2022-0435> CVSSv3
score: 8.8(High)
A stack overflow flaw was found in the Linux kernel's TIPC
protocol functionality in the way a user sends a packet with malicious
content where the number of domain member nodes is higher than the 64
allowed. This flaw allows a remote user to crash the system or possibly
escalate their privileges if they have access to the TIPC network.
-

CVE-2022-0487 <https://nvd.nist.gov/vuln/detail/CVE-2022-0487> CVSSv3
score: 5.5(Medium)
A use-after-free vulnerability was found in
rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in the
memstick subsystem of the Linux kernel. This flaw allows a local attacker
with user privileges to impact system confidentiality. It affects kernel
versions prior to 5.14-rc1.
-

CVE-2022-0492 <https://nvd.nist.gov/vuln/detail/CVE-2022-0492> CVSSv3
score: 7.8(High)
A vulnerability was found in the Linux kernel’s
cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This
flaw, under certain circumstances, allows the use of the cgroups v1
release_agent feature to escalate privileges and bypass the namespace
isolation unexpectedly.
-

CVE-2022-0494 <https://nvd.nist.gov/vuln/detail/CVE-2022-0494> CVSSv3
score: 4.4(Medium)
A kernel information leak flaw was identified in the scsi_ioctl
function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows
a local attacker with a special user privilege (CAP_SYS_ADMIN or
CAP_SYS_RAWIO) to create issues with confidentiality.
-

CVE-2022-0500 <https://nvd.nist.gov/vuln/detail/CVE-2022-0500> CVSSv3
score: 7.8(High)
A flaw was found in unrestricted eBPF usage by the
BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux
kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a
local user to crash or escalate their privileges on the system.
-

CVE-2022-0516 <https://nvd.nist.gov/vuln/detail/CVE-2022-0516> CVSSv3
score: 7.8(High)
A vulnerability was found in kvm_s390_guest_sida_op in the
arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This
flaw allows a local attacker with a normal user privilege to obtain
unauthorized memory write access. This flaw affects Linux kernel versions
prior to 5.17-rc4.
-

CVE-2022-0617 <https://nvd.nist.gov/vuln/detail/CVE-2022-0617> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw in the Linux kernel's UDF file
system functionality was found in the way a user triggers the
udf_file_write_iter function on a malicious UDF image. A local user could
use this flaw to crash the system. Affects Linux kernel versions from
4.2-rc1 up to 5.17-rc2.
-

CVE-2022-0742 <https://nvd.nist.gov/vuln/detail/CVE-2022-0742> CVSSv3
score: 7.5(High)
A memory leak in the icmp6 implementation of the Linux kernel 5.13+
allows a remote attacker to DoS a host by making it run out of memory via
icmp6 packets of type 130 or 131. We recommend upgrading past commit
2d3916f3189172d5c69d33065c3c21119fe539fc.
-

CVE-2022-0847 <https://nvd.nist.gov/vuln/detail/CVE-2022-0847> CVSSv3
score: 7.8(High)
A flaw was found in the way the "flags" member of the new pipe
buffer structure was lacking proper initialization in
copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and
could thus contain stale values. An unprivileged local user could use this
flaw to write to pages in the page cache backed by read only files and as
such escalate their privileges on the system.
-

CVE-2022-0995 <https://nvd.nist.gov/vuln/detail/CVE-2022-0995> CVSSv3
score: 7.8(High)
An out-of-bounds (OOB) memory write flaw was found in the Linux
kernel’s watch_queue event notification subsystem. This flaw can overwrite
parts of the kernel state, potentially allowing a local user to gain
privileged access or cause a denial of service on the system.
-

CVE-2022-1011 <https://nvd.nist.gov/vuln/detail/CVE-2022-1011> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel’s FUSE
filesystem in the way a user triggers write(). This flaw allows a local
user to gain unauthorized access to data from the FUSE filesystem,
resulting in privilege escalation.
-

CVE-2022-1012 <https://nvd.nist.gov/vuln/detail/CVE-2022-1012> CVSSv3
score: 8.2(High)
A memory leak problem was found in the TCP source port
generation algorithm in net/ipv4/tcp.c due to the small table perturb size.
This flaw may allow an attacker to leak information and may cause a denial
of service problem.
-

CVE-2022-1015 <https://nvd.nist.gov/vuln/detail/CVE-2022-1015> CVSSv3
score: 6.6(Medium)
A flaw was found in the Linux kernel in
linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw
allows a local user to cause an out-of-bounds write issue.
-

CVE-2022-1016 <https://nvd.nist.gov/vuln/detail/CVE-2022-1016> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel in
net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a
use-after-free. The 'return' path needs to be handled with proper
preconditions, as the flaw can otherwise lead to a kernel information leak
triggered by a local, unprivileged attacker.
-

CVE-2022-1048 <https://nvd.nist.gov/vuln/detail/CVE-2022-1048> CVSSv3
score: 7(High)
A use-after-free flaw was found in the Linux kernel’s sound
subsystem in the way a user triggers concurrent calls of the PCM hw_params
and hw_free ioctls, or a similar race condition inside ALSA PCM for other
ioctls. This flaw allows a local user to crash or potentially escalate
their privileges on the system.
-

CVE-2022-1055 <https://nvd.nist.gov/vuln/detail/CVE-2022-1055> CVSSv3
score: 7.8(High)
A use-after-free exists in the Linux kernel in tc_new_tfilter
that could allow a local attacker to gain privilege escalation. The exploit
requires unprivileged user namespaces. We recommend upgrading past commit
04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5.
-

CVE-2022-1158 <https://nvd.nist.gov/vuln/detail/CVE-2022-1158> CVSSv3
score: 7.8(High)
A flaw was found in KVM. When updating a guest's page table
entry, vm_pgoff was improperly used as the offset to get the page's pfn. As
vaddr and vm_pgoff are controllable by user-mode processes, this flaw
allows unprivileged local users on the host to write outside the userspace
region and potentially corrupt the kernel, resulting in a denial of service
condition.
-

CVE-2022-1184 <https://nvd.nist.gov/vuln/detail/CVE-2022-1184> CVSSv3
score: 5.5(Medium)
A use-after-free flaw was found in
fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem
sub-component. This flaw allows a local attacker with a user privilege to
cause a denial of service.
-

CVE-2022-1198 <https://nvd.nist.gov/vuln/detail/CVE-2022-1198> CVSSv3
score: 5.5(Medium)
A use-after-free vulnerability was discovered in
drivers/net/hamradio/6pack.c of the Linux kernel that allows an attacker to
crash the kernel by simulating an AX.25 device using the 6pack driver from
user space.
-

CVE-2022-1199 <https://nvd.nist.gov/vuln/detail/CVE-2022-1199> CVSSv3
score: 7.5(High)
A flaw was found in the Linux kernel. This flaw allows an
attacker to crash the Linux kernel by simulating amateur radio from the
user space, resulting in a null-ptr-deref vulnerability and a
use-after-free vulnerability.
-

CVE-2022-1204 <https://nvd.nist.gov/vuln/detail/CVE-2022-1204> CVSSv3
score: 5.5(Medium)
A use-after-free flaw was found in the Linux kernel’s Amateur
Radio AX.25 protocol functionality in the way a user connects with the
protocol. This flaw allows a local user to crash the system.
-

CVE-2022-1205 <https://nvd.nist.gov/vuln/detail/CVE-2022-1205> CVSSv3
score: 4.7(Medium)
A NULL pointer dereference flaw was found in the Linux kernel’s
Amateur Radio AX.25 protocol functionality in the way a user connects with
the protocol. This flaw allows a local user to crash the system.
-

CVE-2022-1263 <https://nvd.nist.gov/vuln/detail/CVE-2022-1263> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference issue was found in KVM when
releasing a vCPU with dirty ring support enabled. This flaw allows an
unprivileged local attacker on the host to issue specific ioctl calls,
causing a kernel oops condition that results in a denial of service.
-

CVE-2022-1353 <https://nvd.nist.gov/vuln/detail/CVE-2022-1353> CVSSv3
score: 7.1(High)
A vulnerability was found in the pfkey_register function in
net/key/af_key.c in the Linux kernel. This flaw allows a local,
unprivileged user to gain access to kernel memory, leading to a system
crash or a leak of internal kernel information.
-

CVE-2022-1462 <https://nvd.nist.gov/vuln/detail/CVE-2022-1462> CVSSv3
score: 6.3(Medium)
An out-of-bounds read flaw was found in the Linux kernel’s
TeleTYpe subsystem. The issue occurs in how a user triggers a race
condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC
with leakage of memory in the flush_to_ldisc function. This flaw allows a
local user to crash the system or read unauthorized random data from memory.
-

CVE-2022-1516 <https://nvd.nist.gov/vuln/detail/CVE-2022-1516> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux kernel’s
X.25 set of standardized network protocols functionality in the way a user
terminates their session using a simulated Ethernet card and continued
usage of this connection. This flaw allows a local user to crash the system.
-

CVE-2022-1651 <https://nvd.nist.gov/vuln/detail/CVE-2022-1651> CVSSv3
score: 7.1(High)
A memory leak flaw was found in the Linux kernel in
acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN
Device Model emulates virtual NICs in VM. This flaw allows a local
privileged attacker to leak unauthorized kernel information, causing a
denial of service.
-

CVE-2022-1652 <https://nvd.nist.gov/vuln/detail/CVE-2022-1652> CVSSv3
score: 7.8(High)
Linux Kernel could allow a local attacker to execute arbitrary
code on the system, caused by a concurrency use-after-free flaw in the
bad_flp_intr function. By executing a specially-crafted program, an
attacker could exploit this vulnerability to execute arbitrary code or
cause a denial of service condition on the system.
-

CVE-2022-1671 <https://nvd.nist.gov/vuln/detail/CVE-2022-1671> CVSSv3
score: 7.1(High)
A NULL pointer dereference flaw was found in rxrpc_preparse_s
in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local
attacker to crash the system or leak internal kernel information.
-

CVE-2022-1679 <https://nvd.nist.gov/vuln/detail/CVE-2022-1679> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel’s Atheros
wireless adapter driver in the way a user forces the
ath9k_htc_wait_for_target function to fail with some input messages. This
flaw allows a local user to crash or potentially escalate their privileges
on the system.
-

CVE-2022-1729 <https://nvd.nist.gov/vuln/detail/CVE-2022-1729> CVSSv3
score: 7(High)
A race condition was found in the Linux kernel in
perf_event_open() which can be exploited by an unprivileged user to gain
root privileges. The bug allows building several exploit primitives such as
kernel address information leak, arbitrary execution, etc.
-

CVE-2022-1734 <https://nvd.nist.gov/vuln/detail/CVE-2022-1734> CVSSv3
score: 7(High)
A flaw found in the Linux kernel's nfcmrvl_nci_unregister_dev() in
drivers/nfc/nfcmrvl/main.c can lead to a use-after-free (read or write)
when the cleanup routine and the firmware download routine are not
synchronized.
-

CVE-2022-1789 <https://nvd.nist.gov/vuln/detail/CVE-2022-1789> CVSSv3
score: 6.8(Medium)
With shadow paging enabled, the INVPCID instruction results in
a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the
invlpg callback is not set and the result is a NULL pointer dereference.
-

CVE-2022-1852 <https://nvd.nist.gov/vuln/detail/CVE-2022-1852> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux kernel’s
KVM module, which can lead to a denial of service in the x86_emulate_insn
in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal
instruction in guest in the Intel CPU.
-

CVE-2022-1882 <https://nvd.nist.gov/vuln/detail/CVE-2022-1882> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel’s pipes
functionality in how a user performs manipulations on a pipe via
post_one_notification() after free_pipe_info() has already been called.
This flaw allows a local user to crash or potentially escalate their
privileges on the system.
-

CVE-2022-1943 <https://nvd.nist.gov/vuln/detail/CVE-2022-1943> CVSSv3
score: 7.8(High)
An out-of-bounds memory write flaw in the Linux kernel's UDF file
system functionality was found in the way a user triggers some file
operation that calls udf_write_fi(). A local user could use this flaw to
crash the system or potentially
-

CVE-2022-1973 <https://nvd.nist.gov/vuln/detail/CVE-2022-1973> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in the Linux kernel in
log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a
local attacker to crash the system and leads to a kernel information leak
problem.
-

CVE-2022-1974 <https://nvd.nist.gov/vuln/detail/CVE-2022-1974> CVSSv3
score: 4.1(Medium)
A use-after-free flaw was found in the Linux kernel's NFC core
functionality due to a race condition between kobject creation and delete.
This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to
leak kernel information.
-

CVE-2022-1975 <https://nvd.nist.gov/vuln/detail/CVE-2022-1975> CVSSv3
score: 5.5(Medium)
There is a sleep-in-atomic bug in net/nfc/netlink.c that
allows an attacker to crash the Linux kernel by simulating an NFC device
from user space.
-

CVE-2022-1976 <https://nvd.nist.gov/vuln/detail/CVE-2022-1976> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel’s implementation of
io_uring. This flaw allows an attacker with local executable permission to
create a string of requests that can cause a use-after-free flaw within the
kernel. This issue leads to memory corruption and possible privilege
escalation.
-

CVE-2022-1998 <https://nvd.nist.gov/vuln/detail/CVE-2022-1998> CVSSv3
score: 7.8(High)
A use-after-free in the Linux kernel's filesystem notify
functionality was found in the way a user triggers the
copy_info_records_to_user() call to fail in copy_event_to_user(). A local
user could use this flaw to crash the system or potentially escalate their
privileges on the system.
-

CVE-2022-20008 <https://nvd.nist.gov/vuln/detail/CVE-2022-20008> CVSSv3
score: 4.6(Medium)
In mmc_blk_read_single of block.c, there is a possible way to
read kernel heap memory due to uninitialized data. This could lead to local
information disclosure if reading from an SD card that triggers errors,
with no additional execution privileges needed. User interaction is not
needed for exploitation. Product: Android. Versions: Android kernel.
Android ID: A-216481035. References: Upstream kernel.
-

CVE-2022-20158 <https://nvd.nist.gov/vuln/detail/CVE-2022-20158> CVSSv3
score: 6.7(Medium)
In bdi_put and bdi_unregister of backing-dev.c, there is a
possible memory corruption due to a use after free. This could lead to
local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android kernel. Android ID: A-182815710. References: Upstream kernel.
-

CVE-2022-20368 <https://nvd.nist.gov/vuln/detail/CVE-2022-20368> CVSSv3
score: 7.8(High)
Product: Android. Versions: Android kernel. Android ID:
A-224546354. References: Upstream kernel.
-

CVE-2022-20369 <https://nvd.nist.gov/vuln/detail/CVE-2022-20369> CVSSv3
score: 6.7(Medium)
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out
of bounds write due to improper input validation. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android kernel. Android ID: A-223375145. References: Upstream kernel.
-

CVE-2022-20421 <https://nvd.nist.gov/vuln/detail/CVE-2022-20421> CVSSv3
score: 7.8(High)
In binder_inc_ref_for_node of binder.c, there is a possible way
to corrupt memory due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation. Product: Android. Versions:
Android kernel. Android ID: A-239630375. References: Upstream kernel.
-

CVE-2022-20422 <https://nvd.nist.gov/vuln/detail/CVE-2022-20422> CVSSv3
score: 7(High)
In emulation_proc_handler of armv8_deprecated.c, there is a
possible way to corrupt memory due to a race condition. This could lead to
local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation. Product: Android.
Versions: Android kernel. Android ID: A-237540956. References: Upstream
kernel.
-

CVE-2022-20423 <https://nvd.nist.gov/vuln/detail/CVE-2022-20423> CVSSv3
score: 4.6(Medium)
In rndis_set_response of rndis.c, there is a possible out of
bounds write due to an integer overflow. This could lead to local
escalation of privilege if a malicious USB device is attached, with no
additional execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID:
A-239842288. References: Upstream kernel.
-

CVE-2022-20566 <https://nvd.nist.gov/vuln/detail/CVE-2022-20566> CVSSv3
score: 7.8(High)
In l2cap_chan_put of l2cap_core, there is a possible use after
free due to improper locking. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android. Versions: Android
kernel. Android ID: A-165329981. References: Upstream kernel.
-

CVE-2022-20572 <https://nvd.nist.gov/vuln/detail/CVE-2022-20572> CVSSv3
score: 6.7(Medium)
In verity_target of dm-verity-target.c, there is a possible way
to modify read-only files due to a missing permission check. This could
lead to local escalation of privilege with System execution privileges
needed. User interaction is not needed for exploitation. Product: Android.
Versions: Android kernel. Android ID: A-234475629. References: Upstream
kernel.
-

CVE-2022-2078 <https://nvd.nist.gov/vuln/detail/CVE-2022-2078> CVSSv3
score: 5.5(Medium)
A vulnerability was found in the Linux kernel's
nft_set_desc_concat_parse() function. This flaw allows an attacker to
trigger a buffer overflow via nft_set_desc_concat_parse(), causing a
denial of service and possibly code execution.
-

CVE-2022-21123 <https://nvd.nist.gov/vuln/detail/CVE-2022-21123> CVSSv3
score: 5.5(Medium)
Incomplete cleanup of multi-core shared buffers for some Intel®
Processors may allow an authenticated user to potentially enable
information disclosure via local access.
-

CVE-2022-21125 <https://nvd.nist.gov/vuln/detail/CVE-2022-21125> CVSSv3
score: 5.5(Medium)
Incomplete cleanup of microarchitectural fill buffers on some
Intel® Processors may allow an authenticated user to potentially enable
information disclosure via local access.
-

CVE-2022-21166 <https://nvd.nist.gov/vuln/detail/CVE-2022-21166> CVSSv3
score: 5.5(Medium)
Incomplete cleanup in specific special register write
operations for some Intel® Processors may allow an authenticated user to
potentially enable information disclosure via local access.
-

CVE-2022-21499 <https://nvd.nist.gov/vuln/detail/CVE-2022-21499> CVSSv3
score: n/a
KGDB and KDB allow read and write access to kernel memory, and
thus should be restricted during lockdown. An attacker with access to a
serial port could trigger the debugger so it is important that the debugger
respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7
(Confidentiality, Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
-

CVE-2022-21505 <https://nvd.nist.gov/vuln/detail/CVE-2022-21505> CVSSv3
score: n/a
-

CVE-2022-2153 <https://nvd.nist.gov/vuln/detail/CVE-2022-2153> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel’s KVM when attempting to
set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to
write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw
allows an unprivileged local attacker on the host to issue specific ioctl
calls, causing a kernel oops condition that results in a denial of service.
-

CVE-2022-2196 <https://nvd.nist.gov/vuln/detail/CVE-2022-2196> CVSSv3
score: 8.8(High)
A regression exists in the Linux kernel within KVM: nVMX that
allowed for speculative execution attacks. L2 can carry out Spectre v2
attacks on L1 because L1 thinks it doesn't need retpolines or IBPB after
running L2, since KVM (L0) advertises eIBRS support to L1. An attacker at
L2 with code execution can execute code on an indirect branch on the host
machine. We recommend upgrading to kernel 6.2 or past commit 2e7eab81425a.
-

CVE-2022-22942 <https://nvd.nist.gov/vuln/detail/CVE-2022-22942> CVSSv3
score: n/a
The vmwgfx driver contains a local privilege escalation
vulnerability that allows unprivileged users to gain access to files opened
by other processes on the system through a dangling 'file' pointer.
-

CVE-2022-23036 <https://nvd.nist.gov/vuln/detail/CVE-2022-23036> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
[This CNA information record relates to multiple CVEs; the text explains
which aspects/vulnerabilities correspond to which CVE.] Several Linux PV
device frontends use the grant table interfaces for removing the backends'
access rights in ways that are subject to race conditions, resulting in
potential data leaks, data corruption by malicious backends, and denial of
service triggered by malicious backends:

blkfront, netfront, scsifront and the gntalloc driver test whether a grant
reference is still in use. If it is not, they assume that a following
removal of the granted access will always succeed, which is not true if the
backend has mapped the granted page between those two operations. As a
result the backend can keep access to the guest's memory page no matter how
the page is used after the frontend I/O has finished. The xenbus driver has
a similar problem, as it doesn't check the success of removing the granted
access of a shared ring buffer. blkfront: CVE-2022-23036, netfront:
CVE-2022-23037, scsifront: CVE-2022-23038, gntalloc: CVE-2022-23039,
xenbus: CVE-2022-23040.

blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and
pvcalls use a functionality to delay freeing a grant reference until it is
no longer in use, but the freeing of the related data page is not
synchronized with dropping the granted access. As a result the backend can
keep access to the memory page even after it has been freed and then
re-used for a different purpose. CVE-2022-23041

netfront will fail a BUG_ON() assertion if it fails to revoke access in the
rx path. This results in a Denial of Service (DoS) situation of the guest
which can be triggered by the backend. CVE-2022-23042
-

CVE-2022-23037 <https://nvd.nist.gov/vuln/detail/CVE-2022-23037> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
(Same multi-CVE CNA record as quoted in full under CVE-2022-23036 above.)
-

CVE-2022-23038 <https://nvd.nist.gov/vuln/detail/CVE-2022-23038> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
(Same multi-CVE CNA record as quoted in full under CVE-2022-23036 above.)
-

CVE-2022-23039 <https://nvd.nist.gov/vuln/detail/CVE-2022-23039> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
(Same multi-CVE CNA record as quoted in full under CVE-2022-23036 above.)
-

CVE-2022-23040 <https://nvd.nist.gov/vuln/detail/CVE-2022-23040> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
(Same multi-CVE CNA record as quoted in full under CVE-2022-23036 above.)
-

CVE-2022-23041 <https://nvd.nist.gov/vuln/detail/CVE-2022-23041> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends
(Same multi-CVE CNA record as quoted in full under CVE-2022-23036 above.)
-

CVE-2022-23042 <https://nvd.nist.gov/vuln/detail/CVE-2022-23042> CVSSv3
score: 7(High)
Linux PV device frontends vulnerable to attacks by backends. This CVE shares
the CNA record text quoted in full under CVE-2022-23041 above; the part of
that record which corresponds to this CVE is: netfront will fail a BUG_ON()
assertion if it fails to revoke access in the rx path. This will result in a
Denial of Service (DoS) situation of the guest which can be triggered by the
backend.
-

CVE-2022-2308 <https://nvd.nist.gov/vuln/detail/CVE-2022-2308> CVSSv3
score: 6.5(Medium)
A flaw was found in vDPA with VDUSE backend. There are
currently no checks in VDUSE kernel driver to ensure the size of the device
config space is in line with the features advertised by the VDUSE userspace
application. In case of a mismatch, Virtio drivers config read helpers do
not initialize the memory indirectly passed to vduse_vdpa_get_config()
returning uninitialized memory from the stack. This could cause undefined
behavior or data leaks in Virtio drivers.
-

CVE-2022-2318 <https://nvd.nist.gov/vuln/detail/CVE-2022-2318> CVSSv3
score: 5.5(Medium)
There are use-after-free vulnerabilities caused by the timer
handler in net/rose/rose_timer.c of Linux that allow attackers to crash the
Linux kernel without any privileges.
-

CVE-2022-23222 <https://nvd.nist.gov/vuln/detail/CVE-2022-23222> CVSSv3
score: 7.8(High)
kernel/bpf/verifier.c in the Linux kernel through 5.15.14
allows local users to gain privileges because of the availability of
pointer arithmetic via certain *_OR_NULL pointer types.
-

CVE-2022-2380 <https://nvd.nist.gov/vuln/detail/CVE-2022-2380> CVSSv3
score: 5.5(Medium)
The Linux kernel was found vulnerable to out-of-bounds memory
access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The
vulnerability could result in local attackers being able to crash the
kernel.
-

CVE-2022-23960 <https://nvd.nist.gov/vuln/detail/CVE-2022-23960> CVSSv3
score: 5.6(Medium)
Certain Arm Cortex and Neoverse processors through 2022-03-08
do not properly restrict cache speculation, aka Spectre-BHB. An attacker
can leverage the shared branch history in the Branch History Buffer (BHB)
to influence mispredicted branches. Then, cache allocation can allow the
attacker to obtain sensitive information.
-

CVE-2022-24448 <https://nvd.nist.gov/vuln/detail/CVE-2022-24448> CVSSv3
score: 3.3(Low)
An issue was discovered in fs/nfs/dir.c in the Linux kernel
before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to
open a regular file, nfs_atomic_open() performs a regular lookup. If a
regular file is found, ENOTDIR should occur, but the server instead returns
uninitialized data in the file descriptor.
-

CVE-2022-24958 <https://nvd.nist.gov/vuln/detail/CVE-2022-24958> CVSSv3
score: 7.8(High)
drivers/usb/gadget/legacy/inode.c in the Linux kernel through
5.16.8 mishandles dev->buf release.
-

CVE-2022-24959 <https://nvd.nist.gov/vuln/detail/CVE-2022-24959> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel before 5.16.5.
There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
-

CVE-2022-2503 <https://nvd.nist.gov/vuln/detail/CVE-2022-2503> CVSSv3
score: 6.7(Medium)
Dm-verity is used for extending root-of-trust to root
filesystems. LoadPin builds on this property to restrict module/firmware
loads to just the trusted root filesystem. Device-mapper table reloads
currently allow users with root privileges to switch out the target with an
equivalent dm-linear target and bypass verification till reboot. This
allows root to bypass LoadPin and can be used to load untrusted and
unverified kernel modules and firmware, which implies arbitrary kernel
execution and persistence for peripherals that do not verify firmware
updates. We recommend upgrading past commit
4caae58406f8ceb741603eee460d79bacca9b1b5
-

CVE-2022-25258 <https://nvd.nist.gov/vuln/detail/CVE-2022-25258> CVSSv3
score: 4.6(Medium)
An issue was discovered in drivers/usb/gadget/composite.c in
the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain
validation of interface OS descriptor requests (ones with a large array
index and ones associated with NULL function pointer retrieval). Memory
corruption might occur.
-

CVE-2022-25375 <https://nvd.nist.gov/vuln/detail/CVE-2022-25375> CVSSv3
score: 5.5(Medium)
An issue was discovered in drivers/usb/gadget/function/rndis.c
in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation
of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive
information from kernel memory.
-

CVE-2022-25636 <https://nvd.nist.gov/vuln/detail/CVE-2022-25636> CVSSv3
score: 7.8(High)
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through
5.6.10 allows local users to gain privileges because of a heap
out-of-bounds write. This is related to nf_tables_offload.
-

CVE-2022-2585 <https://nvd.nist.gov/vuln/detail/CVE-2022-2585> CVSSv3
score: n/a
It was discovered that when exec'ing from a non-leader thread,
armed POSIX CPU timers would be left on a list but freed, leading to a
use-after-free.
-

CVE-2022-2586 <https://nvd.nist.gov/vuln/detail/CVE-2022-2586> CVSSv3
score: 7.8(High)
It was discovered that a nft object or expression could
reference a nft set on a different nft table, leading to a use-after-free
once that table was deleted.
-

CVE-2022-2588 <https://nvd.nist.gov/vuln/detail/CVE-2022-2588> CVSSv3
score: 7.8(High)
It was discovered that the cls_route filter implementation in
the Linux kernel would not remove an old filter from the hashtable before
freeing it if its handle had the value 0.
-

CVE-2022-2590 <https://nvd.nist.gov/vuln/detail/CVE-2022-2590> CVSSv3
score: 7(High)
A race condition was found in the way the Linux kernel's memory
subsystem handled the copy-on-write (COW) breakage of private read-only
shared memory mappings. This flaw allows an unprivileged, local user to
gain write access to read-only memory mappings, increasing their privileges
on the system.
-

CVE-2022-2602 <https://nvd.nist.gov/vuln/detail/CVE-2022-2602> CVSSv3
score: 7(High)
io_uring UAF, Unix SCM garbage collection
-

CVE-2022-26365 <https://nvd.nist.gov/vuln/detail/CVE-2022-26365> CVSSv3
score: 7.1(High)
Linux disk/nic frontends data leaks. [This CNA information
record relates to multiple CVEs; the text explains which
aspects/vulnerabilities correspond to which CVE.] Linux Block and Network
PV device frontends don't zero memory regions before sharing them with the
backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of
the grant table doesn't allow sharing less than a 4K page, leading to
unrelated data residing in the same 4K page as data shared with a backend
being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
-

CVE-2022-26373 <https://nvd.nist.gov/vuln/detail/CVE-2022-26373> CVSSv3
score: 5.5(Medium)
Non-transparent sharing of return predictor targets between
contexts in some Intel® Processors may allow an authorized user to
potentially enable information disclosure via local access.
-

CVE-2022-2639 <https://nvd.nist.gov/vuln/detail/CVE-2022-2639> CVSSv3
score: 7.8(High)
An integer coercion error was found in the openvswitch kernel
module. Given a sufficiently large number of actions, while copying and
reserving memory for a new action of a new flow, the reserve_sfa_size()
function does not return -EMSGSIZE as expected, potentially leading to an
out-of-bounds write access. This flaw allows a local user to crash or
potentially escalate their privileges on the system.
-

CVE-2022-26490 <https://nvd.nist.gov/vuln/detail/CVE-2022-26490> CVSSv3
score: 7.8(High)
st21nfca_connectivity_event_received in
drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has
EVT_TRANSACTION buffer overflows because of untrusted length parameters.
-

CVE-2022-2663 <https://nvd.nist.gov/vuln/detail/CVE-2022-2663> CVSSv3
score: 5.3(Medium)
An issue was found in the Linux kernel in nf_conntrack_irc
where the message handling can be confused and incorrectly matches the
message. A firewall may be able to be bypassed when users are using
unencrypted IRC with nf_conntrack_irc configured.
-

CVE-2022-26966 <https://nvd.nist.gov/vuln/detail/CVE-2022-26966> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel before 5.16.12.
drivers/net/usb/sr9700.c allows attackers to obtain sensitive information
from heap memory via crafted frame lengths from a device.
-

CVE-2022-27223 <https://nvd.nist.gov/vuln/detail/CVE-2022-27223> CVSSv3
score: 8.8(High)
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel
before 5.16.12, the endpoint index is not validated and might be
manipulated by the host for out-of-array access.
-

CVE-2022-27666 <https://nvd.nist.gov/vuln/detail/CVE-2022-27666> CVSSv3
score: 7.8(High)
A heap buffer overflow flaw was found in IPsec ESP
transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw
allows a local attacker with a normal user privilege to overwrite kernel
heap objects and may cause a local privilege escalation threat.
-

CVE-2022-27672 <https://nvd.nist.gov/vuln/detail/CVE-2022-27672> CVSSv3
score: 4.7(Medium)
When SMT is enabled, certain AMD processors may speculatively
execute instructions using a target from the sibling thread after an SMT
mode switch potentially resulting in information disclosure.
-

CVE-2022-2785 <https://nvd.nist.gov/vuln/detail/CVE-2022-2785> CVSSv3
score: 5.5(Medium)
There exists an arbitrary memory read within the Linux Kernel
BPF - Constants provided to fill pointers in structs passed in to
bpf_sys_bpf are not verified and can point anywhere, including memory not
owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from
anywhere on the system. We recommend upgrading past commit 86f44fcec22c
-

CVE-2022-27950 <https://nvd.nist.gov/vuln/detail/CVE-2022-27950> CVSSv3
score: 5.5(Medium)
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a
memory leak exists for a certain hid_parse error condition.
-

CVE-2022-28356 <https://nvd.nist.gov/vuln/detail/CVE-2022-28356> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 5.17.1, a refcount leak bug was
found in net/llc/af_llc.c.
-

CVE-2022-28388 <https://nvd.nist.gov/vuln/detail/CVE-2022-28388> CVSSv3
score: 5.5(Medium)
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the
Linux kernel through 5.17.1 has a double free.
-

CVE-2022-28389 <https://nvd.nist.gov/vuln/detail/CVE-2022-28389> CVSSv3
score: 5.5(Medium)
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the
Linux kernel through 5.17.1 has a double free.
-

CVE-2022-28390 <https://nvd.nist.gov/vuln/detail/CVE-2022-28390> CVSSv3
score: 7.8(High)
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the
Linux kernel through 5.17.1 has a double free.
-

CVE-2022-2873 <https://nvd.nist.gov/vuln/detail/CVE-2022-2873> CVSSv3
score: 5.5(Medium)
An out-of-bounds memory access flaw was found in the Linux
kernel Intel’s iSMT SMBus host controller driver in the way a user triggers
the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input
data. This flaw allows a local user to crash the system.
-

CVE-2022-28796 <https://nvd.nist.gov/vuln/detail/CVE-2022-28796> CVSSv3
score: 7(High)
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux
kernel before 5.17.1 has a use-after-free caused by a transaction_t race
condition.
-

CVE-2022-28893 <https://nvd.nist.gov/vuln/detail/CVE-2022-28893> CVSSv3
score: 7.8(High)
The SUNRPC subsystem in the Linux kernel through 5.17.2 can
call xs_xprt_free before ensuring that sockets are in the intended state.
-

CVE-2022-2905 <https://nvd.nist.gov/vuln/detail/CVE-2022-2905> CVSSv3
score: 5.5(Medium)
An out-of-bounds memory read flaw was found in the Linux
kernel's BPF subsystem in how a user calls the bpf_tail_call function with
a key larger than the max_entries of the map. This flaw allows a local user
to gain unauthorized access to data.
-

CVE-2022-29156 <https://nvd.nist.gov/vuln/detail/CVE-2022-29156> CVSSv3
score: 7.8(High)
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel
before 5.16.12 has a double free related to rtrs_clt_dev_release.
-

CVE-2022-2938 <https://nvd.nist.gov/vuln/detail/CVE-2022-2938> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel's implementation of
Pressure Stall Information. While the feature is disabled by default, it
could allow an attacker to crash the system or have other memory-corruption
side effects.
-

CVE-2022-29581 <https://nvd.nist.gov/vuln/detail/CVE-2022-29581> CVSSv3
score: n/a
Improper Update of Reference Count vulnerability in net/sched
of Linux Kernel allows local attacker to cause privilege escalation to
root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14
and later versions.
-

CVE-2022-29582 <https://nvd.nist.gov/vuln/detail/CVE-2022-29582> CVSSv3
score: 7(High)
In the Linux kernel before 5.17.3, fs/io_uring.c has a
use-after-free due to a race condition in io_uring timeouts. This can be
triggered by a local user who has no access to any user namespace; however,
the race condition perhaps can only be exploited infrequently.
-

CVE-2022-2959 <https://nvd.nist.gov/vuln/detail/CVE-2022-2959> CVSSv3
score: 7(High)
A race condition was found in the Linux kernel's watch queue
due to a missing lock in pipe_resize_ring(). The specific flaw exists
within the handling of pipe buffers. The issue results from the lack of
proper locking when performing operations on an object. This flaw allows a
local user to crash the system or escalate their privileges on the system.
-

CVE-2022-2964 <https://nvd.nist.gov/vuln/detail/CVE-2022-2964> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel’s driver for the ASIX
AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability
contains multiple out-of-bounds reads and possible out-of-bounds writes.
-

CVE-2022-2977 <https://nvd.nist.gov/vuln/detail/CVE-2022-2977> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel implementation of proxied
virtualized TPM devices. On a system where virtualized TPM devices are
configured (this is not the default) a local attacker can create a
use-after-free and create a situation where it may be possible to escalate
privileges on the system.
-

CVE-2022-2978 <https://nvd.nist.gov/vuln/detail/CVE-2022-2978> CVSSv3
score: 7.8(High)
A use-after-free flaw in the Linux kernel NILFS file system was
found in the way a user triggers the function security_inode_alloc to fail,
with a following call to the function nilfs_mdt_destroy. A local user could
use this flaw to crash the system or potentially escalate their privileges
on the system.
-

CVE-2022-29900 <https://nvd.nist.gov/vuln/detail/CVE-2022-29900> CVSSv3
score: 6.5(Medium)
Mis-trained branch predictions for return instructions may
allow arbitrary speculative code execution under certain
microarchitecture-dependent conditions.
-

CVE-2022-29901 <https://nvd.nist.gov/vuln/detail/CVE-2022-29901> CVSSv3
score: 6.5(Medium)
Intel microprocessor generations 6 to 8 are affected by a new
Spectre variant that is able to bypass their retpoline mitigation in the
kernel to leak arbitrary data. An attacker with unprivileged user access
can hijack return instructions to achieve arbitrary speculative code
execution under certain microarchitecture-dependent conditions.
-

CVE-2022-29968 <https://nvd.nist.gov/vuln/detail/CVE-2022-29968> CVSSv3
score: 7.8(High)
An issue was discovered in the Linux kernel through 5.17.5.
io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
-

CVE-2022-3028 <https://nvd.nist.gov/vuln/detail/CVE-2022-3028> CVSSv3
score: 7(High)
A race condition was found in the Linux kernel's IP framework
for transforming packets (XFRM subsystem) when multiple calls to
xfrm_probe_algs occurred simultaneously. This flaw could allow a local
attacker to potentially trigger an out-of-bounds write or leak kernel heap
memory by performing an out-of-bounds read and copying it into a socket.
-

CVE-2022-30594 <https://nvd.nist.gov/vuln/detail/CVE-2022-30594> CVSSv3
score: 7.8(High)
The Linux kernel before 5.17.2 mishandles seccomp permissions.
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions
on setting the PT_SUSPEND_SECCOMP flag.
-

CVE-2022-3077 <https://nvd.nist.gov/vuln/detail/CVE-2022-3077> CVSSv3
score: 5.5(Medium)
A buffer overflow vulnerability was found in the Linux kernel
Intel’s iSMT SMBus host controller driver in the way it handled the
I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious
input data. This flaw could allow a local user to crash the system.
-

CVE-2022-3078 <https://nvd.nist.gov/vuln/detail/CVE-2022-3078> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
There is a lack of check after calling vzalloc() and lack of free after
allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
-

CVE-2022-3104 <https://nvd.nist.gov/vuln/detail/CVE-2022-3104> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return
value of kmalloc() and will cause the null pointer dereference.
-

CVE-2022-3105 <https://nvd.nist.gov/vuln/detail/CVE-2022-3105> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of
kmalloc_array().
-

CVE-2022-3107 <https://nvd.nist.gov/vuln/detail/CVE-2022-3107> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of
the return value of kvmalloc_array() and will cause the null pointer
dereference.
-

CVE-2022-3108 <https://nvd.nist.gov/vuln/detail/CVE-2022-3108> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks
check of the return value of kmemdup().
-

CVE-2022-3110 <https://nvd.nist.gov/vuln/detail/CVE-2022-3110> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
_rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check
of the return value of rtw_alloc_hwxmits() and will cause the null pointer
dereference.
-

CVE-2022-3111 <https://nvd.nist.gov/vuln/detail/CVE-2022-3111> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of
WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
-

CVE-2022-3112 <https://nvd.nist.gov/vuln/detail/CVE-2022-3112> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c
lacks check of the return value of kzalloc() and will cause the null
pointer dereference.
-

CVE-2022-3113 <https://nvd.nist.gov/vuln/detail/CVE-2022-3113> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
mtk_vcodec_fw_vpu_init in
drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the
return value of devm_kzalloc() and will cause the null pointer dereference.
-

CVE-2022-3115 <https://nvd.nist.gov/vuln/detail/CVE-2022-3115> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.16-rc6.
malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the
return value of kzalloc() and will cause the null pointer dereference.
-

CVE-2022-3169 <https://nvd.nist.gov/vuln/detail/CVE-2022-3169> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel. A denial of service flaw
may occur if there is a consecutive request of the NVME_IOCTL_RESET and the
NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in
a PCIe link disconnect.
-

CVE-2022-3202 <https://nvd.nist.gov/vuln/detail/CVE-2022-3202> CVSSv3
score: 7.1(High)
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in
the Journaled File System (JFS) in the Linux kernel. This could allow a
local attacker to crash the system or leak kernel internal information.
-

CVE-2022-32250 <https://nvd.nist.gov/vuln/detail/CVE-2022-32250> CVSSv3
score: 7.8(High)
net/netfilter/nf_tables_api.c in the Linux kernel through
5.18.1 allows a local user (able to create user/net namespaces) to escalate
privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a
use-after-free.
-

CVE-2022-32296 <https://nvd.nist.gov/vuln/detail/CVE-2022-32296> CVSSv3
score: 3.3(Low)
The Linux kernel before 5.17.9 allows TCP servers to identify
clients by observing what source ports are used. This occurs because of use
of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
-

CVE-2022-3239 <https://nvd.nist.gov/vuln/detail/CVE-2022-3239> CVSSv3
score: 7.8(High)
A use-after-free flaw in the Linux kernel video4linux driver
was found in the way a user triggers em28xx_usb_probe() for the Empia 28xx
based TV cards. A local user could use this flaw to crash the system or
potentially escalate their privileges on the system.
-

CVE-2022-32981 <https://nvd.nist.gov/vuln/detail/CVE-2022-32981> CVSSv3
score: 7.8(High)
An issue was discovered in the Linux kernel through 5.18.3 on
powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and
POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
-

CVE-2022-3303 <https://nvd.nist.gov/vuln/detail/CVE-2022-3303> CVSSv3
score: 4.7(Medium)
A race condition flaw was found in the Linux kernel sound
subsystem due to improper locking. It could lead to a NULL pointer
dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local
user (root or member of the audio group) could use this flaw to crash the
system, resulting in a denial of service condition.
-

CVE-2022-3344 <https://nvd.nist.gov/vuln/detail/CVE-2022-3344> CVSSv3
score: 5.5(Medium)
A flaw was found in KVM's AMD nested virtualization (SVM).
A malicious L1 guest could purposely fail to intercept the shutdown of a
cooperative nested guest (L2), possibly leading to a page fault and kernel
panic in the host (L0).
-

CVE-2022-33740 <https://nvd.nist.gov/vuln/detail/CVE-2022-33740> CVSSv3
score: 7.1(High)
Linux disk/nic frontends data leaks. This CVE shares the CNA record text
quoted in full under CVE-2022-26365 above; it is the second of the two CVEs
(CVE-2022-26365, CVE-2022-33740) covering Linux Block and Network PV device
frontends not zeroing memory regions before sharing them with the backend.
-

CVE-2022-33741 <https://nvd.nist.gov/vuln/detail/CVE-2022-33741> CVSSv3
score: 7.1(High)
Linux disk/nic frontends data leaks. This CVE shares the CNA record text
quoted in full under CVE-2022-26365 above; it is one of the two CVEs
(CVE-2022-33741, CVE-2022-33742) covering the grant table granularity not
allowing sharing of less than a 4K page, so that unrelated data residing in
the same 4K page as data shared with a backend is accessible by that backend.
-

CVE-2022-33742 <https://nvd.nist.gov/vuln/detail/CVE-2022-33742> CVSSv3
score: 7.1(High)
Linux disk/nic frontends data leaks. This CVE shares the CNA record text
quoted in full under CVE-2022-26365 above; it is the second of the two CVEs
(CVE-2022-33741, CVE-2022-33742) covering the grant table granularity not
allowing sharing of less than a 4K page, so that unrelated data residing in
the same 4K page as data shared with a backend is accessible by that backend.
-

CVE-2022-33743 <https://nvd.nist.gov/vuln/detail/CVE-2022-33743> CVSSv3
score: 7.8(High)
Network backend may cause Linux netfront to use freed SKBs.
While adding logic to support XDP (eXpress Data Path), a code label was
moved in a way allowing for SKBs having references (pointers) retained for
further processing to nevertheless be freed.
-

CVE-2022-33744 <https://nvd.nist.gov/vuln/detail/CVE-2022-33744> CVSSv3
score: 4.7(Medium)
Arm guests can cause Dom0 DoS via PV devices. When mapping pages
of guests on Arm, dom0 is using an rbtree to keep track of the foreign
mappings. Updating of that rbtree is not always done completely with the
related lock held, resulting in a small race window, which can be used by
unprivileged guests via PV devices to cause inconsistencies of the rbtree.
These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by
causing crashes or the inability to perform further mappings of other
guests' memory pages.
-

CVE-2022-33981 <https://nvd.nist.gov/vuln/detail/CVE-2022-33981> CVSSv3
score: 3.3(Low)
drivers/block/floppy.c in the Linux kernel before 5.17.6 is
vulnerable to a denial of service, because of a concurrency use-after-free
flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
-

CVE-2022-3424 <https://nvd.nist.gov/vuln/detail/CVE-2022-3424> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel’s SGI GRU
driver in the way the first gru_file_unlocked_ioctl function is called by
the user, where a fail pass occurs in the gru_check_chiplet_assignment
function. This flaw allows a local user to crash or potentially escalate
their privileges on the system.
-

CVE-2022-3435 <https://nvd.nist.gov/vuln/detail/CVE-2022-3435> CVSSv3
score: n/a
A vulnerability classified as problematic has been found in
Linux Kernel. This affects the function fib_nh_match of the file
net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation
leads to out-of-bounds read. It is possible to initiate the attack
remotely. It is recommended to apply a patch to fix this issue. The
identifier VDB-210357 was assigned to this vulnerability.
-

CVE-2022-34494 <https://nvd.nist.gov/vuln/detail/CVE-2022-34494> CVSSv3
score: 5.5(Medium)
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c
in the Linux kernel before 5.18.4 has a double free.
-

CVE-2022-34495 <https://nvd.nist.gov/vuln/detail/CVE-2022-34495> CVSSv3
score: 5.5(Medium)
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux
kernel before 5.18.4 has a double free.
-

CVE-2022-34918 <https://nvd.nist.gov/vuln/detail/CVE-2022-34918> CVSSv3
score: 7.8(High)
An issue was discovered in the Linux kernel through 5.18.9. A
type confusion bug in nft_set_elem_init (leading to a buffer overflow)
could be used by a local attacker to escalate privileges, a different
vulnerability than CVE-2022-32250. (The attacker can obtain root access,
but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN
access.) This can be fixed in nft_setelem_parse_data in
net/netfilter/nf_tables_api.c.
-

CVE-2022-3521 <https://nvd.nist.gov/vuln/detail/CVE-2022-3521> CVSSv3
score: 2.5(Low)
A vulnerability has been found in Linux Kernel and classified
as problematic. This vulnerability affects the function kcm_tx_work of the
file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race
condition. It is recommended to apply a patch to fix this issue. VDB-211018
is the identifier assigned to this vulnerability.
-

CVE-2022-3524 <https://nvd.nist.gov/vuln/detail/CVE-2022-3524> CVSSv3
score: 5.5(Medium)
A vulnerability was found in Linux Kernel. It has been declared
as problematic. Affected by this vulnerability is the function
ipv6_renew_options of the component IPv6 Handler. The manipulation leads to
memory leak. The attack can be launched remotely. It is recommended to
apply a patch to fix this issue. The identifier VDB-211021 was assigned to
this vulnerability.
-

CVE-2022-3526 <https://nvd.nist.gov/vuln/detail/CVE-2022-3526> CVSSv3
score: 7.5(High)
A vulnerability classified as problematic was found in Linux
Kernel. This vulnerability affects the function macvlan_handle_frame of the
file drivers/net/macvlan.c of the component skb. The manipulation leads to
memory leak. The attack can be initiated remotely. It is recommended to
apply a patch to fix this issue. The identifier of this vulnerability is
VDB-211024.
-

CVE-2022-3534 <https://nvd.nist.gov/vuln/detail/CVE-2022-3534> CVSSv3
score: 8(High)
A vulnerability classified as critical has been found in Linux
Kernel. Affected is the function btf_dump_name_dups of the file
tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to
use after free. It is recommended to apply a patch to fix this issue. The
identifier of this vulnerability is VDB-211032.
-

CVE-2022-3541 <https://nvd.nist.gov/vuln/detail/CVE-2022-3541> CVSSv3
score: 7.8(High)
A vulnerability classified as critical has been found in Linux
Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file
drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The
manipulation leads to use after free. It is recommended to apply a patch to
fix this issue. The identifier VDB-211041 was assigned to this
vulnerability.
-

CVE-2022-3543 <https://nvd.nist.gov/vuln/detail/CVE-2022-3543> CVSSv3
score: 5.5(Medium)
A vulnerability, which was classified as problematic, has been
found in Linux Kernel. This issue affects the function
unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of
the component BPF. The manipulation leads to memory leak. It is recommended
to apply a patch to fix this issue. The associated identifier of this
vulnerability is VDB-211043.
- CVE-2022-3564 <https://nvd.nist.gov/vuln/detail/CVE-2022-3564> CVSSv3
score: 7.1(High)
A vulnerability classified as critical was found in Linux
Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu
of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to use after free. It is recommended to apply a patch to
fix this issue. The associated identifier of this vulnerability is
VDB-211087.
- CVE-2022-3565 <https://nvd.nist.gov/vuln/detail/CVE-2022-3565> CVSSv3
score: 7.8(High)
A vulnerability, which was classified as critical, has been
found in Linux Kernel. Affected by this issue is the function del_timer of
the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The
manipulation leads to use after free. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-211088.
- CVE-2022-3577 <https://nvd.nist.gov/vuln/detail/CVE-2022-3577> CVSSv3
score: 7.8(High)
An out-of-bounds memory write flaw was found in the Linux
kernel’s Kid-friendly Wired Controller driver. This flaw allows a local
user to crash or potentially escalate their privileges on the system. It is
in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is an incorrect
assumption that bigben devices all have inputs. However, malicious devices can
break this assumption, leading to an out-of-bounds write.
- CVE-2022-3586 <https://nvd.nist.gov/vuln/detail/CVE-2022-3586> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel’s networking code. A
use-after-free was found in the way the sch_sfb enqueue function used the
socket buffer (SKB) cb field after the same SKB had been enqueued (and
freed) into a child qdisc. This flaw allows a local, unprivileged user to
crash the system, causing a denial of service.
- CVE-2022-3594 <https://nvd.nist.gov/vuln/detail/CVE-2022-3594> CVSSv3
score: n/a
A vulnerability was found in Linux Kernel. It has been declared
as problematic. Affected by this vulnerability is the function
intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The
manipulation leads to logging of excessive data. The attack can be launched
remotely. It is recommended to apply a patch to fix this issue. The
associated identifier of this vulnerability is VDB-211363.
- CVE-2022-3595 <https://nvd.nist.gov/vuln/detail/CVE-2022-3595> CVSSv3
score: 5.5(Medium)
A vulnerability was found in Linux Kernel. It has been rated as
problematic. Affected by this issue is the function sess_free_buffer of the
file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads
to double free. It is recommended to apply a patch to fix this issue. The
identifier of this vulnerability is VDB-211364.
- CVE-2022-36123 <https://nvd.nist.gov/vuln/detail/CVE-2022-36123> CVSSv3
score: 7.8(High)
The Linux kernel before 5.18.13 lacks a certain clear operation
for the block starting symbol (.bss). This allows Xen PV guest OS users to
cause a denial of service or gain privileges.
- CVE-2022-3619 <https://nvd.nist.gov/vuln/detail/CVE-2022-3619> CVSSv3
score: 4.3(Medium)
A vulnerability has been found in Linux Kernel and classified
as problematic. This vulnerability affects the function l2cap_recv_acldata
of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The
manipulation leads to memory leak. It is recommended to apply a patch to
fix this issue. VDB-211918 is the identifier assigned to this vulnerability.
- CVE-2022-3621 <https://nvd.nist.gov/vuln/detail/CVE-2022-3621> CVSSv3
score: 6.5(Medium)
A vulnerability was found in Linux Kernel. It has been
classified as problematic. Affected is the function
nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component
nilfs2. The manipulation leads to null pointer dereference. It is possible
to launch the attack remotely. It is recommended to apply a patch to fix
this issue. The identifier of this vulnerability is VDB-211920.
- CVE-2022-3623 <https://nvd.nist.gov/vuln/detail/CVE-2022-3623> CVSSv3
score: 7.5(High)
A vulnerability was found in Linux Kernel. It has been declared
as problematic. Affected by this vulnerability is the function
follow_page_pte of the file mm/gup.c of the component BPF. The manipulation
leads to race condition. The attack can be launched remotely. It is
recommended to apply a patch to fix this issue. The identifier VDB-211921
was assigned to this vulnerability.
- CVE-2022-3625 <https://nvd.nist.gov/vuln/detail/CVE-2022-3625> CVSSv3
score: 7.8(High)
A vulnerability was found in Linux Kernel. It has been
classified as critical. This affects the function
devlink_param_set/devlink_param_get of the file net/core/devlink.c of the
component IPsec. The manipulation leads to use after free. It is
recommended to apply a patch to fix this issue. The identifier VDB-211929
was assigned to this vulnerability.
- CVE-2022-3628 <https://nvd.nist.gov/vuln/detail/CVE-2022-3628> CVSSv3
score: 6.6(Medium)
A buffer overflow flaw was found in the Linux kernel Broadcom
Full MAC Wi-Fi driver. This issue occurs when a user connects to a
malicious USB device. This can allow a local user to crash the system or
escalate their privileges.
- CVE-2022-36280 <https://nvd.nist.gov/vuln/detail/CVE-2022-36280> CVSSv3
score: 5.5(Medium)
An out-of-bounds (OOB) memory access vulnerability was found in the
vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component in the
Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw
allows a local attacker with a user account on the system to gain
privilege, causing a denial of service (DoS).
- CVE-2022-3629 <https://nvd.nist.gov/vuln/detail/CVE-2022-3629> CVSSv3
score: 3.3(Low)
A vulnerability was found in Linux Kernel. It has been declared
as problematic. This vulnerability affects the function vsock_connect of
the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak.
The complexity of an attack is rather high. The exploitation appears to be
difficult. It is recommended to apply a patch to fix this issue. VDB-211930
is the identifier assigned to this vulnerability.
- CVE-2022-3630 <https://nvd.nist.gov/vuln/detail/CVE-2022-3630> CVSSv3
score: 5.5(Medium)
A vulnerability was found in Linux Kernel. It has been rated as
problematic. This issue affects some unknown processing of the file
fs/fscache/cookie.c of the component IPsec. The manipulation leads to
memory leak. It is recommended to apply a patch to fix this issue. The
associated identifier of this vulnerability is VDB-211931.
- CVE-2022-3635 <https://nvd.nist.gov/vuln/detail/CVE-2022-3635> CVSSv3
score: 7(High)
A vulnerability, which was classified as critical, has been
found in Linux Kernel. Affected by this issue is the function tst_timer of
the file drivers/atm/idt77252.c of the component IPsec. The manipulation
leads to use after free. It is recommended to apply a patch to fix this
issue. VDB-211934 is the identifier assigned to this vulnerability.
- CVE-2022-3640 <https://nvd.nist.gov/vuln/detail/CVE-2022-3640> CVSSv3
score: 8.8(High)
A vulnerability, which was classified as critical, was found in
Linux Kernel. Affected is the function l2cap_conn_del of the file
net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation
leads to use after free. It is recommended to apply a patch to fix this
issue. The identifier of this vulnerability is VDB-211944.
- CVE-2022-3643 <https://nvd.nist.gov/vuln/detail/CVE-2022-3643> CVSSv3
score: 6.5(Medium)
Guests can trigger NIC interface reset/abort/crash via netback.
It is possible for a guest to trigger a NIC interface reset/abort/crash in
a Linux based network backend by sending certain kinds of packets. It
appears to be an (unwritten?) assumption in the rest of the Linux network
stack that packet protocol headers are all contained within the linear
section of the SKB and some NICs behave badly if this is not the case. This
has been reported to occur with Cisco (enic) and Broadcom NetXtrem II
BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well.
In case the frontend is sending requests with split headers, netback will
forward those violating the above-mentioned assumption to the networking core,
resulting in said misbehavior.
- CVE-2022-3646 <https://nvd.nist.gov/vuln/detail/CVE-2022-3646> CVSSv3
score: 4.3(Medium)
A vulnerability, which was classified as problematic, has been
found in Linux Kernel. This issue affects the function
nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component
BPF. The manipulation leads to memory leak. The attack may be initiated
remotely. It is recommended to apply a patch to fix this issue. The
identifier VDB-211961 was assigned to this vulnerability.
- CVE-2022-3649 <https://nvd.nist.gov/vuln/detail/CVE-2022-3649> CVSSv3
score: 7(High)
A vulnerability was found in Linux Kernel. It has been
classified as problematic. Affected is the function nilfs_new_inode of the
file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use
after free. It is possible to launch the attack remotely. It is recommended
to apply a patch to fix this issue. The identifier of this vulnerability is
VDB-211992.
- CVE-2022-36879 <https://nvd.nist.gov/vuln/detail/CVE-2022-36879> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 5.18.14.
xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be
dropped twice.
- CVE-2022-36946 <https://nvd.nist.gov/vuln/detail/CVE-2022-36946> CVSSv3
score: 7.5(High)
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux
kernel through 5.18.14 allows remote attackers to cause a denial of service
(panic) because, in the case of an nf_queue verdict with a one-byte
nfta_payload attribute, an skb_pull can encounter a negative skb->len.
- CVE-2022-3707 <https://nvd.nist.gov/vuln/detail/CVE-2022-3707> CVSSv3
score: 5.5(Medium)
A double-free memory flaw was found in the Linux kernel. The
Intel GVT-g graphics driver triggers VGA card system resource overload,
causing a fail in the intel_gvt_dma_map_guest_page function. This issue
could allow a local user to crash the system.
- CVE-2022-38457 <https://nvd.nist.gov/vuln/detail/CVE-2022-38457> CVSSv3
score: 5.5(Medium)
A use-after-free (UAF) vulnerability was found in the function
'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux
kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'.
This flaw allows a local attacker with a user account on the system to gain
privilege, causing a denial of service (DoS).
- CVE-2022-3910 <https://nvd.nist.gov/vuln/detail/CVE-2022-3910> CVSSv3
score: n/a
Use After Free vulnerability in Linux Kernel allows Privilege
Escalation. An improper Update of Reference Count in io_uring leads to
Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked
with a fixed file, it called io_fput_file() which improperly decreased its
reference count (leading to Use-After-Free and Local Privilege Escalation).
Fixed files are permanently registered to the ring, and should not be put
separately. We recommend upgrading past commit
https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
- CVE-2022-39189 <https://nvd.nist.gov/vuln/detail/CVE-2022-39189> CVSSv3
score: 7.8(High)
An issue was discovered in the x86 KVM subsystem in the Linux
kernel before 5.18.17. Unprivileged guest users can compromise the guest
kernel because TLB flush operations are mishandled in certain
KVM_VCPU_PREEMPTED situations.
- CVE-2022-39190 <https://nvd.nist.gov/vuln/detail/CVE-2022-39190> CVSSv3
score: 5.5(Medium)
An issue was discovered in net/netfilter/nf_tables_api.c in the
Linux kernel before 5.19.6. A denial of service can occur upon binding to
an already bound chain.
- CVE-2022-3977 <https://nvd.nist.gov/vuln/detail/CVE-2022-3977> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel MCTP
(Management Component Transport Protocol) functionality. This issue occurs
when a user simultaneously calls DROPTAG ioctl and socket close happens,
which could allow a local user to crash the system or potentially escalate
their privileges on the system.
- CVE-2022-40133 <https://nvd.nist.gov/vuln/detail/CVE-2022-40133> CVSSv3
score: 5.5(Medium)
A use-after-free (UAF) vulnerability was found in the function
'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux
kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'.
This flaw allows a local attacker with a user account on the system to gain
privilege, causing a denial of service (DoS).
- CVE-2022-40307 <https://nvd.nist.gov/vuln/detail/CVE-2022-40307> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel through 5.19.8.
drivers/firmware/efi/capsule-loader.c has a race condition with a resultant
use-after-free.
- CVE-2022-40768 <https://nvd.nist.gov/vuln/detail/CVE-2022-40768> CVSSv3
score: 5.5(Medium)
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows
local users to obtain sensitive information from kernel memory because
stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
- CVE-2022-4095 <https://nvd.nist.gov/vuln/detail/CVE-2022-4095> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in Linux kernel before 5.19.2.
This issue occurs in cmd_hdl_filter in
drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a
local denial of service attack and gain escalation of privileges.
- CVE-2022-40982 <https://nvd.nist.gov/vuln/detail/CVE-2022-40982> CVSSv3
score: n/a
Information exposure through microarchitectural state after
transient execution in certain vector execution units for some Intel®
Processors may allow an authenticated user to potentially enable
information disclosure via local access.
- CVE-2022-41218 <https://nvd.nist.gov/vuln/detail/CVE-2022-41218> CVSSv3
score: 5.5(Medium)
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through
5.19.10, there is a use-after-free caused by refcount races, affecting
dvb_demux_open and dvb_dmxdev_release.
- CVE-2022-4128 <https://nvd.nist.gov/vuln/detail/CVE-2022-4128> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference issue was discovered in the Linux
kernel in the MPTCP protocol when traversing the subflow list at disconnect
time. A local user could use this flaw to potentially crash the system
causing a denial of service.
- CVE-2022-4139 <https://nvd.nist.gov/vuln/detail/CVE-2022-4139> CVSSv3
score: 7.8(High)
An incorrect TLB flush issue was found in the Linux kernel’s
GPU i915 kernel driver, potentially leading to random memory corruption or
data leaks. This flaw could allow a local user to crash the system or
escalate their privileges on the system.
- CVE-2022-41674 <https://nvd.nist.gov/vuln/detail/CVE-2022-41674> CVSSv3
score: 8.1(High)
An issue was discovered in the Linux kernel before 5.19.16.
Attackers able to inject WLAN frames could cause a buffer overflow in the
ieee80211_bss_info_update function in net/mac80211/scan.c.
- CVE-2022-41804 <https://nvd.nist.gov/vuln/detail/CVE-2022-41804> CVSSv3
score: 6.7(Medium)
Unauthorized error injection in Intel® SGX or Intel® TDX for
some Intel® Xeon® Processors may allow a privileged user to potentially
enable escalation of privilege via local access.
- CVE-2022-41849 <https://nvd.nist.gov/vuln/detail/CVE-2022-41849> CVSSv3
score: 4.2(Medium)
drivers/video/fbdev/smscufx.c in the Linux kernel through
5.19.12 has a race condition and resultant use-after-free if a physically
proximate attacker removes a USB device while calling open(), aka a race
condition between ufx_ops_open and ufx_usb_disconnect.
- CVE-2022-41850 <https://nvd.nist.gov/vuln/detail/CVE-2022-41850> CVSSv3
score: 4.7(Medium)
roccat_report_event in drivers/hid/hid-roccat.c in the Linux
kernel through 5.19.12 has a race condition and resultant use-after-free in
certain situations where a report is received while copying a report->value
is in progress.
- CVE-2022-41858 <https://nvd.nist.gov/vuln/detail/CVE-2022-41858> CVSSv3
score: 7.1(High)
A flaw was found in the Linux kernel. A NULL pointer
dereference may occur while a slip driver is in progress to detach in
sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an
attacker to crash the system or leak internal kernel information.
- CVE-2022-42328 <https://nvd.nist.gov/vuln/detail/CVE-2022-42328> CVSSv3
score: 5.5(Medium)
Guests can trigger deadlock in Linux netback driver. [This CNA
information record relates to multiple CVEs; the text explains which
aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392
introduced another issue which might result in a deadlock when trying to
free the SKB of a packet dropped due to the XSA-392 handling
(CVE-2022-42328). Additionally, when dropping packets for other reasons the
same deadlock could occur in case of netpoll being active for the interface
the xen-netback driver is connected to (CVE-2022-42329).
- CVE-2022-42329 <https://nvd.nist.gov/vuln/detail/CVE-2022-42329> CVSSv3
score: 5.5(Medium)
Guests can trigger deadlock in Linux netback driver. [This CNA
information record relates to multiple CVEs; the text explains which
aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392
introduced another issue which might result in a deadlock when trying to
free the SKB of a packet dropped due to the XSA-392 handling
(CVE-2022-42328). Additionally, when dropping packets for other reasons the
same deadlock could occur in case of netpoll being active for the interface
the xen-netback driver is connected to (CVE-2022-42329).
- CVE-2022-42432 <https://nvd.nist.gov/vuln/detail/CVE-2022-42432> CVSSv3
score: 4.4(Medium)
This vulnerability allows local attackers to disclose sensitive
information on affected installations of the Linux Kernel 6.0-rc2. An
attacker must first obtain the ability to execute high-privileged code on
the target system in order to exploit this vulnerability. The specific flaw
exists within the nft_osf_eval function. The issue results from the lack of
proper initialization of memory prior to accessing it. An attacker can
leverage this in conjunction with other vulnerabilities to execute
arbitrary code in the context of the kernel. Was ZDI-CAN-18540.
- CVE-2022-4269 <https://nvd.nist.gov/vuln/detail/CVE-2022-4269> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel Traffic Control (TC)
subsystem. Using a specific networking configuration (redirecting egress
packets to ingress using TC action "mirred") a local unprivileged user
could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol
in use (TCP or SCTP) does a retransmission, resulting in a denial of
service condition.
- CVE-2022-42703 <https://nvd.nist.gov/vuln/detail/CVE-2022-42703> CVSSv3
score: 5.5(Medium)
mm/rmap.c in the Linux kernel before 5.19.7 has a
use-after-free related to leaf anon_vma double reuse.
- CVE-2022-42719 <https://nvd.nist.gov/vuln/detail/CVE-2022-42719> CVSSv3
score: 8.8(High)
A use-after-free in the mac80211 stack when parsing a
multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16
could be used by attackers (able to inject WLAN frames) to crash the kernel
and potentially execute code.
- CVE-2022-42720 <https://nvd.nist.gov/vuln/detail/CVE-2022-42720> CVSSv3
score: 7.8(High)
Various refcounting bugs in the multi-BSS handling in the
mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could
be used by local attackers (able to inject WLAN frames) to trigger
use-after-free conditions to potentially execute code.
- CVE-2022-42721 <https://nvd.nist.gov/vuln/detail/CVE-2022-42721> CVSSv3
score: 5.5(Medium)
A list management bug in BSS handling in the mac80211 stack in
the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local
attackers (able to inject WLAN frames) to corrupt a linked list and, in
turn, potentially execute code.
- CVE-2022-42722 <https://nvd.nist.gov/vuln/detail/CVE-2022-42722> CVSSv3
score: 5.5(Medium)
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local
attackers able to inject WLAN frames into the mac80211 stack could cause a
NULL pointer dereference denial-of-service attack against the beacon
protection of P2P devices.
- CVE-2022-42895 <https://nvd.nist.gov/vuln/detail/CVE-2022-42895> CVSSv3
score: 6.5(Medium)
There is an infoleak vulnerability in the Linux kernel's
net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be
used to leak kernel pointers remotely.
We recommend upgrading past commit
https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
- CVE-2022-42896 <https://nvd.nist.gov/vuln/detail/CVE-2022-42896> CVSSv3
score: 8.8(High)
There are use-after-free vulnerabilities in the Linux kernel's
net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req
functions which may allow code execution and leaking kernel memory
(respectively) remotely via Bluetooth. A remote attacker could execute code
leaking kernel memory via Bluetooth if within proximity of the victim. We
recommend upgrading past commit
https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
- CVE-2022-43750 <https://nvd.nist.gov/vuln/detail/CVE-2022-43750> CVSSv3
score: 6.7(Medium)
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before
5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the
monitor's internal memory.
- CVE-2022-4378 <https://nvd.nist.gov/vuln/detail/CVE-2022-4378> CVSSv3
score: 7.8(High)
A stack overflow flaw was found in the Linux kernel's SYSCTL
subsystem in how a user changes certain kernel parameters and variables.
This flaw allows a local user to crash or potentially escalate their
privileges on the system.
- CVE-2022-4379 <https://nvd.nist.gov/vuln/detail/CVE-2022-4379> CVSSv3
score: 7.5(High)
A use-after-free vulnerability was found in __nfs42_ssc_open()
in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to
conduct a remote denial
- CVE-2022-4382 <https://nvd.nist.gov/vuln/detail/CVE-2022-4382> CVSSv3
score: 6.4(Medium)
A use-after-free flaw caused by a race among the superblock
operations in the gadgetfs Linux driver was found. It could be triggered by
yanking out a device that is running the gadgetfs side.
- CVE-2022-43945 <https://nvd.nist.gov/vuln/detail/CVE-2022-43945> CVSSv3
score: 7.5(High)
The Linux kernel NFSD implementation prior to versions 5.19.17
and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of
pages held by each NFSD thread by combining the receive and send buffers of
a remote procedure call (RPC) into a single array of pages. A client can
force the send buffer to shrink by sending an RPC message over TCP with
garbage data added at the end of the message. The RPC message with garbage
data is still correctly formed according to the specification and is passed
forward to handlers. Vulnerable code in NFSD is not expecting the oversized
request and writes beyond the allocated buffer space.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CVE-2022-45869 <https://nvd.nist.gov/vuln/detail/CVE-2022-45869> CVSSv3
score: 5.5(Medium)
A race condition in the x86 KVM subsystem in the Linux kernel
through 6.1-rc6 allows guest OS users to cause a denial of service (host OS
crash or host OS memory corruption) when nested virtualisation and the TDP
MMU are enabled.
- CVE-2022-45886 <https://nvd.nist.gov/vuln/detail/CVE-2022-45886> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel through 6.0.9.
drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open
race condition that leads to a use-after-free.
- CVE-2022-45887 <https://nvd.nist.gov/vuln/detail/CVE-2022-45887> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel through 6.0.9.
drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the
lack of a dvb_frontend_detach call.
- CVE-2022-45919 <https://nvd.nist.gov/vuln/detail/CVE-2022-45919> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel through 6.0.10. In
drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if
there is a disconnect after an open, because of the lack of a wait_event.
- CVE-2022-45934 <https://nvd.nist.gov/vuln/detail/CVE-2022-45934> CVSSv3
score: 7.8(High)
An issue was discovered in the Linux kernel through 6.0.10.
l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound
via L2CAP_CONF_REQ packets.
- CVE-2022-4662 <https://nvd.nist.gov/vuln/detail/CVE-2022-4662> CVSSv3
score: 5.5(Medium)
An incorrect access control flaw in the Linux kernel USB core
subsystem was found in the way a user attaches a USB device. A local user
could use this flaw to crash the system.
- CVE-2022-47518 <https://nvd.nist.gov/vuln/detail/CVE-2022-47518> CVSSv3
score: 7.8(High)
An issue was discovered in the Linux kernel before 6.0.11.
Missing validation of the number of channels in
drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless
driver can trigger a heap-based buffer overflow when copying the list of
operating channels from Wi-Fi management frames.
- CVE-2022-48619
<https://nvd.nist.gov/vuln/detail/CVE-2022-48619> CVSSv3
score: n/a
An issue was discovered in drivers/input/input.c in the
Linux kernel before 5.17.10. An attacker can cause a denial of service
(panic) because input_set_capability mishandles the situation in which an
event code falls outside of a bitmap.
- CVE-2023-0045
<https://nvd.nist.gov/vuln/detail/CVE-2023-0045> CVSSv3
score: 7.5(High)
The current implementation of the prctl syscall does not
issue an IBPB immediately during the syscall. The ib_prctl_set function
updates the Thread Information Flags (TIFs) for the task and updates the
SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is
only issued on the next schedule, when the TIF bits are checked. This
leaves the victim vulnerable to values already injected on the BTB, prior
to the prctl syscall. The patch that added the support for the conditional
mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past
commit a664ec9158eeddd75121d39c9a0758016097fa96
- CVE-2023-0160 <https://nvd.nist.gov/vuln/detail/CVE-2023-0160> CVSSv3
score: 5.5(Medium)
A deadlock flaw was found in the Linux kernel’s BPF
subsystem. This flaw allows a local user to potentially crash the system.
- CVE-2023-0179 <https://nvd.nist.gov/vuln/detail/CVE-2023-0179> CVSSv3
score: 7.8(High)
A buffer overflow vulnerability was found in the Netfilter
subsystem in the Linux Kernel. This issue could allow the leakage of both
stack and heap addresses, and potentially allow Local Privilege Escalation
to the root user via arbitrary code execution.
- CVE-2023-0210 <https://nvd.nist.gov/vuln/detail/CVE-2023-0210> CVSSv3
score: 7.5(High)
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication
and is known to crash the OS immediately in Linux-based systems.
- CVE-2023-0266 <https://nvd.nist.gov/vuln/detail/CVE-2023-0266> CVSSv3
score: 7.8(High)
A use after free vulnerability exists in the ALSA PCM
package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_READWRITE32
is missing locks that can be used in a use-after-free that can result in a
privilege escalation to gain ring0 access from the system user. We
recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
- CVE-2023-0386 <https://nvd.nist.gov/vuln/detail/CVE-2023-0386> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel, where unauthorized
access to the execution of the setuid file with capabilities was found in
the Linux kernel’s OverlayFS subsystem in how a user copies a capable file
from a nosuid mount into another mount. This uid mapping bug allows a local
user to escalate their privileges on the system.
- CVE-2023-0394 <https://nvd.nist.gov/vuln/detail/CVE-2023-0394> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in
rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in
the Linux kernel. This flaw causes the system to crash.
- CVE-2023-0458 <https://nvd.nist.gov/vuln/detail/CVE-2023-0458> CVSSv3
score: 4.7(Medium)
A speculative pointer dereference problem exists in the
Linux Kernel on the do_prlimit() function. The resource argument value is
controlled and is used in pointer arithmetic for the 'rlim' variable and
can be used to leak the contents. We recommend upgrading past version 6.1.8
or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
- CVE-2023-0459 <https://nvd.nist.gov/vuln/detail/CVE-2023-0459> CVSSv3
score: 5.5(Medium)
Copy_from_user on 64-bit versions of the Linux kernel does
not implement the __uaccess_begin_nospec allowing a user to bypass the
"access_ok" check and pass a kernel pointer to copy_from_user(). This would
allow an attacker to leak information. We recommend upgrading beyond
commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
- CVE-2023-0461 <https://nvd.nist.gov/vuln/detail/CVE-2023-0461> CVSSv3
score: n/a
There is a use-after-free vulnerability in the Linux Kernel
which can be exploited to achieve local privilege escalation. To reach the
vulnerability kernel configuration flag CONFIG_TLS or
CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not
require any privilege.

There is a use-after-free bug of icsk_ulp_data of a struct
inet_connection_sock.

When CONFIG_TLS is enabled, user can install a tls context
(struct tls_context) on a connected tcp socket. The context is not cleared
if this socket is disconnected and reused as a listener. If a new socket is
created from the listener, the context is inherited and vulnerable.

The setsockopt TCP_ULP operation does not require any privilege.

We recommend upgrading past
commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
- CVE-2023-0468 <https://nvd.nist.gov/vuln/detail/CVE-2023-0468> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in io_uring/poll.c in
io_poll_check_events in the io_uring subcomponent in the Linux Kernel due
to a race condition of poll_refs. This flaw may cause a NULL pointer
dereference.
- CVE-2023-0469 <https://nvd.nist.gov/vuln/detail/CVE-2023-0469> CVSSv3
score: 5.5(Medium)
A use-after-free flaw was found in io_uring/filetable.c in
io_install_fixed_file in the io_uring subcomponent in the Linux Kernel
during call cleanup. This flaw may lead to a denial of service.
- CVE-2023-0590 <https://nvd.nist.gov/vuln/detail/CVE-2023-0590> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in qdisc_graft in
net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw
leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix
race condition in qdisc_graft()") is not applied yet, the kernel could be
affected.
- CVE-2023-0615 <https://nvd.nist.gov/vuln/detail/CVE-2023-0615> CVSSv3
score: 5.5(Medium)
A memory leak flaw and potential divide by zero and Integer
overflow was found in the Linux kernel V4L2 and vivid test code
functionality. This issue occurs when a user triggers ioctls, such as
VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the
system if the vivid test code is enabled.
- CVE-2023-1032 <https://nvd.nist.gov/vuln/detail/CVE-2023-1032> CVSSv3
score: 5.5(Medium)
The Linux kernel io_uring IORING_OP_SOCKET operation
contained a double free in function __sys_socket_file() in file
net/socket.c. This issue was introduced in
da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in
649c15c7691e9b13cbe9bf6c65c365350e056067.
- CVE-2023-1073 <https://nvd.nist.gov/vuln/detail/CVE-2023-1073> CVSSv3
score: 6.6(Medium)
A memory corruption flaw was found in the Linux kernel’s
human interface device (HID) subsystem in how a user inserts a malicious
USB device. This flaw allows a local user to crash or potentially escalate
their privileges on the system.
- CVE-2023-1074
<https://nvd.nist.gov/vuln/detail/CVE-2023-1074> CVSSv3
score: 5.5(Medium)
A memory leak flaw was found in the Linux kernel's Stream
Control Transmission Protocol. This issue may occur when a user starts a
malicious networking service and someone connects to this service. This
could allow a local user to starve resources, causing a denial of service.
- CVE-2023-1075
<https://nvd.nist.gov/vuln/detail/CVE-2023-1075> CVSSv3
score: 3.3(Low)
A flaw was found in the Linux Kernel. The tls_is_tx_ready()
incorrectly checks for list emptiness, potentially accessing a type
confused entry to the list_head, leaking the last byte of the confused
field that overlaps with rec->tx_ready.
- CVE-2023-1076
<https://nvd.nist.gov/vuln/detail/CVE-2023-1076> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux Kernel. The tun/tap sockets
have their socket UID hardcoded to 0 due to a type confusion in their
initialization function. While it will be often correct, as tuntap devices
require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user
only having that capability. This would cause tun/tap sockets to be
incorrectly treated in filtering/routing decisions, possibly bypassing
network filters.
- CVE-2023-1077
<https://nvd.nist.gov/vuln/detail/CVE-2023-1077> CVSSv3
score: 7(High)
In the Linux kernel, pick_next_rt_entity() may return a type
confused entry, not detected by the BUG_ON condition, as the confused entry
will not be NULL, but list_head. The buggy error condition would lead to a
type confused entry with the list head, which would then be used as a type
confused sched_rt_entity, causing memory corruption.
- CVE-2023-1078
<https://nvd.nist.gov/vuln/detail/CVE-2023-1078> CVSSv3
score: 7.8(High)
A flaw was found in the Linux Kernel in the RDS (Reliable
Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses
list_entry() on the head of a list, causing a type confusion. A local user
can trigger this with rds_message_put(). The type confusion leads to struct
rds_msg_zcopy_info *info actually pointing to something else
that is potentially controlled by a local user. It is known how to trigger
this, which causes an out-of-bounds access and a lock corruption.
- CVE-2023-1079
<https://nvd.nist.gov/vuln/detail/CVE-2023-1079> CVSSv3
score: 6.8(Medium)
A flaw was found in the Linux kernel. A use-after-free may
be triggered in asus_kbd_backlight_set when plugging in or disconnecting a
malicious USB device which advertises itself as an Asus device. Similarly
to the previously known CVE-2023-25012, but in Asus devices, the work_struct
may be scheduled by the LED controller while the device is disconnecting,
triggering a use-after-free on the struct asus_kbd_leds *led structure. A
malicious USB device may exploit the issue to cause memory corruption with
controlled data.
- CVE-2023-1095
<https://nvd.nist.gov/vuln/detail/CVE-2023-1095> CVSSv3
score: 5.5(Medium)
In nf_tables_updtable, if nf_tables_table_enable returns an
error, nft_trans_destroy is called to free the transaction object.
nft_trans_destroy() calls list_del(), but the transaction was never placed
on a list; the list head is all zeroes, so this results in a NULL pointer
dereference.
- CVE-2023-1118
<https://nvd.nist.gov/vuln/detail/CVE-2023-1118> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel's integrated
infrared receiver/transceiver driver in the way a user detaches an rc
device. A local user could use this flaw to crash the system or potentially
escalate their privileges on the system.
- CVE-2023-1192
<https://nvd.nist.gov/vuln/detail/CVE-2023-1192> CVSSv3
score: n/a
A use-after-free flaw was found in
smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS
transfers response data to a system call, a local variable still
points to the memory region, and if the system call frees it faster than
CIFS uses it, CIFS will access a freed memory region, leading to a denial of
service.
- CVE-2023-1193
<https://nvd.nist.gov/vuln/detail/CVE-2023-1193> CVSSv3
score: n/a
A use-after-free flaw was found in setup_async_work in the
KSMBD implementation of the in-kernel samba server and CIFS in the Linux
kernel. This issue could allow an attacker to crash the system by accessing
freed work.
- CVE-2023-1194
<https://nvd.nist.gov/vuln/detail/CVE-2023-1194> CVSSv3
score: 8.1(High)
An out-of-bounds (OOB) memory read flaw was found in
parse_lease_state in the KSMBD implementation of the in-kernel samba server
and CIFS in the Linux kernel. When an attacker sends the CREATE command
with a malformed payload to KSMBD, due to a missing check of
NameOffset in the parse_lease_state() function, the
create_context object can access invalid memory.
- CVE-2023-1206
<https://nvd.nist.gov/vuln/detail/CVE-2023-1206> CVSSv3
score: 5.7(Medium)
A hash collision flaw was found in the IPv6 connection
lookup table in the Linux kernel’s IPv6 functionality when a user makes a
new kind of SYN flood attack. A user located in the local network or with a
high bandwidth connection can increase the CPU usage of the server that
accepts IPv6 connections up to 95%.
- CVE-2023-1249
<https://nvd.nist.gov/vuln/detail/CVE-2023-1249> CVSSv3
score: 5.5(Medium)
A use-after-free flaw was found in the Linux kernel’s core
dump subsystem. This flaw allows a local user to crash the system. The
kernel could be affected only if patch 390031c94211 ("coredump: Use the vma
snapshot in fill_files_note") has not been applied yet.
- CVE-2023-1281
<https://nvd.nist.gov/vuln/detail/CVE-2023-1281> CVSSv3
score: n/a
Use After Free vulnerability in Linux kernel traffic control
index filter (tcindex) allows Privilege Escalation. The imperfect hash area
can be updated while packets are traversing, which will cause a
use-after-free when 'tcf_exts_exec()' is called with the destroyed
tcf_ext. A local attacker user can use this vulnerability to elevate its
privileges to root.
This issue affects Linux Kernel: from 4.14 before git commit
ee059170b1f7e94e55fa6cadee544e176a6e59c2.
- CVE-2023-1380
<https://nvd.nist.gov/vuln/detail/CVE-2023-1380> CVSSv3
score: 7.1(High)
A slab-out-of-bound read problem was found in
brcmf_get_assoc_ies in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux
Kernel. This issue could occur when assoc_info->req_len data is bigger than
the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of
service.
- CVE-2023-1382
<https://nvd.nist.gov/vuln/detail/CVE-2023-1382> CVSSv3
score: 4.7(Medium)
A data race flaw was found in the Linux kernel, between
where con is allocated and con->sock is set. This issue leads to a NULL
pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in
the tipc protocol in the Linux kernel.
- CVE-2023-1513
<https://nvd.nist.gov/vuln/detail/CVE-2023-1513> CVSSv3
score: 3.3(Low)
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS
ioctl, on 32-bit systems, there might be some uninitialized portions of the
kvm_debugregs structure that could be copied to userspace, causing an
information leak.
- CVE-2023-1582
<https://nvd.nist.gov/vuln/detail/CVE-2023-1582> CVSSv3
score: 4.7(Medium)
A race problem was found in fs/proc/task_mmu.c in the memory
management sub-component in the Linux kernel. This issue may allow a local
attacker with user privilege to cause a denial of service.
- CVE-2023-1583
<https://nvd.nist.gov/vuln/detail/CVE-2023-1583> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference was found in io_file_bitmap_get
in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel.
When fixed files are unregistered, some context information
(file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent
request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC
can cause a NULL pointer dereference. An unprivileged user can use the flaw
to cause a system crash.
- CVE-2023-1611
<https://nvd.nist.gov/vuln/detail/CVE-2023-1611> CVSSv3
score: 6.3(Medium)
A use-after-free flaw was found in btrfs_search_slot in
fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker
to crash the system and possibly cause a kernel information leak.
- CVE-2023-1637
<https://nvd.nist.gov/vuln/detail/CVE-2023-1637> CVSSv3
score: 5.5(Medium)
A flaw was found in the Linux kernel's x86 CPU power management
options functionality in the way a user resumes a CPU from suspend-to-RAM:
the boot CPU could be left vulnerable to speculative-execution style
attacks. A local user could use this flaw to potentially get unauthorized
access to some memory of the CPU, similar to speculative-execution style
attacks.
- CVE-2023-1652
<https://nvd.nist.gov/vuln/detail/CVE-2023-1652> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in nfsd4_ssc_setup_dul in
fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue
could allow a local attacker to crash the system or it may lead to a kernel
information leak problem.
- CVE-2023-1670
<https://nvd.nist.gov/vuln/detail/CVE-2023-1670> CVSSv3
score: 7.8(High)
A use-after-free flaw was found in the Linux kernel's Xircom 16-bit
PCMCIA (PC-card) Ethernet driver. A local user could use this flaw
to crash the system or potentially escalate their privileges on the system.
- CVE-2023-1829
<https://nvd.nist.gov/vuln/detail/CVE-2023-1829> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux Kernel traffic
control index filter (tcindex) can be exploited to achieve local privilege
escalation. The tcindex_delete function does not properly deactivate
filters in the case of perfect hashes while deleting the underlying structure,
which can later lead to the structure being freed twice. A local attacker
can use this vulnerability to elevate their privileges to root.
We recommend upgrading past commit
8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
- CVE-2023-1838
<https://nvd.nist.gov/vuln/detail/CVE-2023-1838> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in vhost_net_set_backend in
drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due
to a double fget. This flaw could allow a local attacker to crash the
system, and could even lead to a kernel information leak problem.
- CVE-2023-1855
<https://nvd.nist.gov/vuln/detail/CVE-2023-1855> CVSSv3
score: 6.3(Medium)
A use-after-free flaw was found in xgene_hwmon_remove in
drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver
(xgene-hwmon). This flaw could allow a local attacker to crash the system
due to a race problem. This vulnerability could even lead to a kernel
information leak problem.
- CVE-2023-1859
<https://nvd.nist.gov/vuln/detail/CVE-2023-1859> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in xen_9pfs_front_remove in
net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw
could allow a local attacker to crash the system due to a race problem,
possibly leading to a kernel information leak.
- CVE-2023-1872
<https://nvd.nist.gov/vuln/detail/CVE-2023-1872> CVSSv3
score: 7(High)
A use-after-free vulnerability in the Linux Kernel io_uring
system can be exploited to achieve local privilege escalation.

The io_file_get_fixed function does not hold
ctx->uring_lock, which can lead to a use-after-free vulnerability due to a
race condition with fixed files getting unregistered.

We recommend upgrading past commit
da24142b1ef9fd5d36b76e36bab328a5b27523e8.
- CVE-2023-1989 <https://nvd.nist.gov/vuln/detail/CVE-2023-1989> CVSSv3
score: 7(High)
A use-after-free flaw was found in btsdio_remove in
drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to
btsdio_remove with an unfinished job may cause a race problem leading to a
UAF on hdev devices.
- CVE-2023-1990
<https://nvd.nist.gov/vuln/detail/CVE-2023-1990> CVSSv3
score: 4.7(Medium)
A use-after-free flaw was found in ndlc_remove in
drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an
attacker to crash the system due to a race problem.
- CVE-2023-1998
<https://nvd.nist.gov/vuln/detail/CVE-2023-1998> CVSSv3
score: n/a
The Linux kernel allows userspace processes to enable
mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables
the speculation feature as well as by using seccomp. We had noticed that on
VMs of at least one major cloud provider, the kernel still left the victim
process exposed to attacks in some cases even after enabling the
spectre-BTI mitigation with prctl. The same behavior can be observed on a
bare-metal machine when forcing the mitigation to IBRS on boot command line.

This happened because when plain IBRS was enabled (not enhanced
IBRS), the kernel had some logic that determined that STIBP was not needed.
The IBRS bit implicitly protects against cross-thread branch target
injection. However, with legacy IBRS, the IBRS bit was cleared on returning
to userspace, due to performance reasons, which disabled the implicit STIBP
and left userspace threads vulnerable to cross-thread branch target
injection against which STIBP protects.
- CVE-2023-2002 <https://nvd.nist.gov/vuln/detail/CVE-2023-2002> CVSSv3
score: 6.8(Medium)
A vulnerability was found in the HCI sockets implementation
due to a missing capability check in net/bluetooth/hci_sock.c in the Linux
Kernel. This flaw allows an attacker unauthorized execution of
management commands, compromising the confidentiality, integrity, and
availability of Bluetooth communication.
- CVE-2023-2006
<https://nvd.nist.gov/vuln/detail/CVE-2023-2006> CVSSv3
score: 7(High)
A race condition was found in the Linux kernel's RxRPC
network protocol, within the processing of RxRPC bundles. This issue
results from the lack of proper locking when performing operations on an
object. This may allow an attacker to escalate privileges and execute
arbitrary code in the context of the kernel.
- CVE-2023-2008
<https://nvd.nist.gov/vuln/detail/CVE-2023-2008> CVSSv3
score: 7.8(High)
A flaw was found in the Linux kernel's udmabuf device
driver. The specific flaw exists within a fault handler. The issue results
from the lack of proper validation of user-supplied data, which can result
in a memory access past the end of an array. An attacker can leverage this
vulnerability to escalate privileges and execute arbitrary code in the
context of the kernel.
- CVE-2023-2019
<https://nvd.nist.gov/vuln/detail/CVE-2023-2019> CVSSv3
score: 4.4(Medium)
A flaw was found in the Linux kernel's netdevsim device
driver, within the scheduling of events. This issue results from the
improper management of a reference count. This may allow an attacker to
create a denial of service condition on the system.
- CVE-2023-20569
<https://nvd.nist.gov/vuln/detail/CVE-2023-20569> CVSSv3
score: 4.7(Medium)
A side channel vulnerability on some of the AMD CPUs may allow
an attacker to influence the return address prediction. This may result in
speculative execution at an attacker-controlled address, potentially
leading to information disclosure.
- CVE-2023-20588
<https://nvd.nist.gov/vuln/detail/CVE-2023-20588> CVSSv3
score: 5.5(Medium)
A division-by-zero error on some AMD processors can potentially
return speculative data resulting in loss of confidentiality.
- CVE-2023-20593
<https://nvd.nist.gov/vuln/detail/CVE-2023-20593> CVSSv3
score: 5.5(Medium)
An issue in “Zen 2” CPUs, under specific microarchitectural
circumstances, may allow an attacker to potentially access sensitive
information.
- CVE-2023-20928
<https://nvd.nist.gov/vuln/detail/CVE-2023-20928> CVSSv3
score: 7.8(High)
In binder_vma_close of binder.c, there is a possible use
after free due to improper locking. This could lead to local escalation of
privilege with no additional execution privileges needed. User interaction
is not needed for exploitation. Product: Android. Versions: Android
kernel. Android ID: A-254837884. References: Upstream kernel.
- CVE-2023-20938
<https://nvd.nist.gov/vuln/detail/CVE-2023-20938> CVSSv3
score: 7.8(High)
In binder_transaction_buffer_release of binder.c, there is a
possible use after free due to improper input validation. This could lead
to local escalation of privilege with no additional execution privileges
needed. User interaction is not needed for exploitation. Product:
Android. Versions: Android kernel. Android ID: A-257685302. References:
Upstream kernel.
- CVE-2023-21102
<https://nvd.nist.gov/vuln/detail/CVE-2023-21102> CVSSv3
score: 7.8(High)
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a
possible bypass of shadow stack protection due to a logic error in the
code. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID:
A-260821414. References: Upstream kernel.
- CVE-2023-21106
<https://nvd.nist.gov/vuln/detail/CVE-2023-21106> CVSSv3
score: 7.8(High)
In adreno_set_param of adreno_gpu.c, there is a possible
memory corruption due to a double free. This could lead to local escalation
of privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions:
Android kernel. Android ID: A-265016072. References: Upstream kernel.
- CVE-2023-2124
<https://nvd.nist.gov/vuln/detail/CVE-2023-2124> CVSSv3
score: 7.8(High)
An out-of-bounds memory access flaw was found in the Linux
kernel’s XFS file system in how a user restores an XFS image after failure
(with a dirty log journal). This flaw allows a local user to crash or
potentially escalate their privileges on the system.
- CVE-2023-21255
<https://nvd.nist.gov/vuln/detail/CVE-2023-21255> CVSSv3
score: 7.8(High)
In multiple functions of binder.c, there is a possible
memory corruption due to a use after free. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.
- CVE-2023-2156
<https://nvd.nist.gov/vuln/detail/CVE-2023-2156> CVSSv3
score: 7.5(High)
A flaw was found in the networking subsystem of the Linux
kernel within the handling of the RPL protocol. This issue results from the
lack of proper handling of user-supplied data, which can lead to an
assertion failure. This may allow an unauthenticated remote attacker to
create a denial of service condition on the system.
- CVE-2023-2162
<https://nvd.nist.gov/vuln/detail/CVE-2023-2162> CVSSv3
score: 5.5(Medium)
A use-after-free vulnerability was found in
iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI
sub-component in the Linux Kernel. In this flaw an attacker could leak
kernel internal information.
- CVE-2023-2163
<https://nvd.nist.gov/vuln/detail/CVE-2023-2163> CVSSv3
score: 8.8(High)
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe
code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape.
- CVE-2023-2166
<https://nvd.nist.gov/vuln/detail/CVE-2023-2166> CVSSv3
score: 5.5(Medium)
A null pointer dereference issue was found in the CAN protocol
in net/can/af_can.c in the Linux kernel. ml_priv may not be
initialized in the receive path of CAN frames. A local user could use this
flaw to crash the system or potentially cause a denial of service.
- CVE-2023-2177
<https://nvd.nist.gov/vuln/detail/CVE-2023-2177> CVSSv3
score: 5.5(Medium)
A null pointer dereference issue was found in the SCTP
network protocol in net/sctp/stream_sched.c in the Linux Kernel. If the
stream_in allocation fails, stream_out is freed and then accessed again.
A local user could use this flaw to crash the system or potentially cause a
denial of service.
- CVE-2023-2194
<https://nvd.nist.gov/vuln/detail/CVE-2023-2194> CVSSv3
score: 6.7(Medium)
An out-of-bounds write vulnerability was found in the Linux
kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable
was not capped to a number between 0-255 and was used as the size of a
memcpy, possibly writing beyond the end of dma_buffer. This flaw could
allow a local privileged user to crash the system or potentially achieve
code execution.
- CVE-2023-2235
<https://nvd.nist.gov/vuln/detail/CVE-2023-2235> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux Kernel
Performance Events system can be exploited to achieve local privilege
escalation.

The perf_group_detach function did not check the event's
siblings' attach_state before calling add_event_to_groups(),
but remove_on_exec made it possible to call list_del_event() before
detaching from their group, making it possible to use a dangling pointer,
causing a use-after-free vulnerability.

We recommend upgrading past commit
fd0815f632c24878e325821943edccc7fde947a2.
- CVE-2023-2236 <https://nvd.nist.gov/vuln/detail/CVE-2023-2236> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux Kernel io_uring
subsystem can be exploited to achieve local privilege escalation.

Both io_install_fixed_file and its callers call fput on a file
in case of an error, causing a reference underflow which leads to a
use-after-free vulnerability.

We recommend upgrading past commit
9d94c04c0db024922e886c9fd429659f22f48ea4.
- CVE-2023-2269 <https://nvd.nist.gov/vuln/detail/CVE-2023-2269> CVSSv3
score: 4.4(Medium)
A denial of service problem was found, due to a possible
recursive locking scenario, resulting in a deadlock in table_clear in
drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing
sub-component.
- CVE-2023-22996
<https://nvd.nist.gov/vuln/detail/CVE-2023-22996> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 5.17.2,
drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node
reference after use, e.g., with put_device.
- CVE-2023-22997
<https://nvd.nist.gov/vuln/detail/CVE-2023-22997> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 6.1.2, kernel/module/decompress.c
misinterprets the module_get_next_page return value (expects it to be NULL
in the error case, whereas it is actually an error pointer).
- CVE-2023-22998
<https://nvd.nist.gov/vuln/detail/CVE-2023-22998> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 6.0.3,
drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the
drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error
case, whereas it is actually an error pointer).
- CVE-2023-22999
<https://nvd.nist.gov/vuln/detail/CVE-2023-22999> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 5.16.3,
drivers/usb/dwc3/dwc3-qcom.c misinterprets the
dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the
error case, whereas it is actually an error pointer).
- CVE-2023-23001
<https://nvd.nist.gov/vuln/detail/CVE-2023-23001> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 5.16.3,
drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return
value (expects it to be NULL in the error case, whereas it is actually an
error pointer).
- CVE-2023-23002
<https://nvd.nist.gov/vuln/detail/CVE-2023-23002> CVSSv3
score: 5.5(Medium)
In the Linux kernel before 5.16.3,
drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional
return value (expects it to be NULL in the error case, whereas it is
actually an error pointer).
- CVE-2023-23454
<https://nvd.nist.gov/vuln/detail/CVE-2023-23454> CVSSv3
score: 5.5(Medium)
cbq_classify in net/sched/sch_cbq.c in the Linux kernel
through 6.1.4 allows attackers to cause a denial of service
(slab-out-of-bounds read) because of type confusion (non-negative numbers
can sometimes indicate a TC_ACT_SHOT condition rather than valid
classification results).
- CVE-2023-23455
<https://nvd.nist.gov/vuln/detail/CVE-2023-23455> CVSSv3
score: 5.5(Medium)
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel
through 6.1.4 allows attackers to cause a denial of service because of type
confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT
condition rather than valid classification results).
- CVE-2023-23559
<https://nvd.nist.gov/vuln/detail/CVE-2023-23559> CVSSv3
score: 7.8(High)
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in
the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- CVE-2023-23908
<https://nvd.nist.gov/vuln/detail/CVE-2023-23908> CVSSv3
score: 4.4(Medium)
Improper access control in some 3rd Generation Intel® Xeon®
Scalable processors may allow a privileged user to potentially enable
information disclosure via local access.
- CVE-2023-2430
<https://nvd.nist.gov/vuln/detail/CVE-2023-2430> CVSSv3
score: 5.5(Medium)
A vulnerability was found due to a missing lock for IOPOLL in
io_cqring_event_overflow() in io_uring.c in the Linux Kernel. This flaw
allows a local attacker with user privilege to trigger a denial of
service.
- CVE-2023-25012
<https://nvd.nist.gov/vuln/detail/CVE-2023-25012> CVSSv3
score: 4.6(Medium)
The Linux kernel through 6.1.9 has a Use-After-Free in
bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device
because the LED controllers remain registered for too long.
- CVE-2023-2513
<https://nvd.nist.gov/vuln/detail/CVE-2023-2513> CVSSv3
score: 6.7(Medium)
A use-after-free vulnerability was found in the Linux
kernel's ext4 filesystem in the way it handled the extra inode size for
extended attributes. This flaw could allow a privileged local user to cause
a system crash or other undefined behaviors.
- CVE-2023-25775
<https://nvd.nist.gov/vuln/detail/CVE-2023-25775> CVSSv3
score: 9.8(Critical)
Improper access control in the Intel® Ethernet Controller
RDMA driver for linux before version 1.9.30 may allow an unauthenticated
user to potentially enable escalation of privilege via network access.
- CVE-2023-26544
<https://nvd.nist.gov/vuln/detail/CVE-2023-26544> CVSSv3
score: 7.8(High)
In the Linux kernel 6.0.8, there is a use-after-free in
run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector
size and media sector size.
- CVE-2023-26545
<https://nvd.nist.gov/vuln/detail/CVE-2023-26545> CVSSv3
score: 4.7(Medium)
In the Linux kernel before 6.1.13, there is a double free in
net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl
table under a new location) during the renaming of a device.
- CVE-2023-26606
<https://nvd.nist.gov/vuln/detail/CVE-2023-26606> CVSSv3
score: 7.8(High)
In the Linux kernel 6.0.8, there is a use-after-free in
ntfs_trim_fs in fs/ntfs3/bitmap.c.
- CVE-2023-26607
<https://nvd.nist.gov/vuln/detail/CVE-2023-26607> CVSSv3
score: 7.1(High)
In the Linux kernel 6.0.8, there is an out-of-bounds read in
ntfs_attr_find in fs/ntfs/attrib.c.
- CVE-2023-28327
<https://nvd.nist.gov/vuln/detail/CVE-2023-28327> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the UNIX
protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel. The
newly allocated skb does not have sk, leading to a NULL pointer. This flaw
allows a local user to crash the system or potentially cause a denial of
service.
- CVE-2023-28328
<https://nvd.nist.gov/vuln/detail/CVE-2023-28328> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the az6027
driver in drivers/media/usb/dvb-usb/az6027.c in the Linux Kernel. The
message from user space is not checked properly before transferring into
the device. This flaw allows a local user to crash the system or
potentially cause a denial of service.
- CVE-2023-28410
<https://nvd.nist.gov/vuln/detail/CVE-2023-28410> CVSSv3
score: 7.8(High)
Improper restriction of operations within the bounds of a
memory buffer in some Intel® i915 Graphics drivers for linux before kernel
version 6.2.10 may allow an authenticated user to potentially enable
escalation of privilege via local access.
- CVE-2023-28466
<https://nvd.nist.gov/vuln/detail/CVE-2023-28466> CVSSv3
score: 7(High)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel
through 6.2.6 lacks a lock_sock call, leading to a race condition (with a
resultant use-after-free or NULL pointer dereference).
- CVE-2023-28866
<https://nvd.nist.gov/vuln/detail/CVE-2023-28866> CVSSv3
score: 5.3(Medium)
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c
allows out-of-bounds access because amp_init1[] and amp_init2[] are
supposed to have an intentionally invalid element, but do not.
- CVE-2023-2898
<https://nvd.nist.gov/vuln/detail/CVE-2023-2898> CVSSv3
score: 4.7(Medium)
There is a null-pointer-dereference flaw found in
f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a
local privileged user to cause a denial of service problem.
- CVE-2023-2985
<https://nvd.nist.gov/vuln/detail/CVE-2023-2985> CVSSv3
score: 5.5(Medium)
A use after free flaw was found in hfsplus_put_super in
fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user
to cause a denial of service problem.
- CVE-2023-3006
<https://nvd.nist.gov/vuln/detail/CVE-2023-3006> CVSSv3
score: 5.5(Medium)
A known cache speculation vulnerability, known as Branch
History Injection (BHI) or Spectre-BHB, becomes relevant again on the new
AmpereOne hardware. Spectre-BHB is similar to Spectre v2, except that malicious code
uses the shared branch history (stored in the CPU Branch History Buffer, or
BHB) to influence mispredicted branches within the victim's hardware
context. Once that occurs, speculation caused by the mispredicted branches
can cause cache allocation. This issue leads to obtaining information that
should not be accessible.
- CVE-2023-30456
<https://nvd.nist.gov/vuln/detail/CVE-2023-30456> CVSSv3
score: 6.5(Medium)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the
Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0
and CR4.
- CVE-2023-30772
<https://nvd.nist.gov/vuln/detail/CVE-2023-30772> CVSSv3
score: 6.4(Medium)
The Linux kernel before 6.2.9 has a race condition and
resultant use-after-free in drivers/power/supply/da9150-charger.c if a
physically proximate attacker unplugs a device.
- CVE-2023-3090
<https://nvd.nist.gov/vuln/detail/CVE-2023-3090> CVSSv3
score: n/a
A heap out-of-bounds write vulnerability in the Linux Kernel
ipvlan network driver can be exploited to achieve local privilege
escalation.

The out-of-bounds write is caused by missing skb->cb
initialization in the ipvlan network driver. The vulnerability is reachable
if CONFIG_IPVLAN is enabled.

We recommend upgrading past commit
90cbed5247439a966b645b34eb0a2e037836ea8e.
- CVE-2023-31085
<https://nvd.nist.gov/vuln/detail/CVE-2023-31085> CVSSv3
score: 5.5(Medium)
An issue was discovered in drivers/mtd/ubi/cdev.c in the
Linux kernel 6.2. There is a divide-by-zero error in
do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when
mtd->erasesize is 0.
- CVE-2023-3111
<https://nvd.nist.gov/vuln/detail/CVE-2023-3111> CVSSv3
score: 7.8(High)
A use after free vulnerability was found in
prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel.
This possible flaw can be triggered by calling btrfs_ioctl_balance() before
calling btrfs_ioctl_defrag().
- CVE-2023-31248
<https://nvd.nist.gov/vuln/detail/CVE-2023-31248> CVSSv3
score: n/a
Linux Kernel nftables Use-After-Free Local Privilege
Escalation Vulnerability; nft_chain_lookup_byid() failed to
check whether a chain was active, and CAP_NET_ADMIN is in any user or
network namespace.
- CVE-2023-3141
<https://nvd.nist.gov/vuln/detail/CVE-2023-3141> CVSSv3
score: 7.1(High)
A use-after-free flaw was found in r592_remove in
drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw
allows a local attacker to crash the system at device disconnect, possibly
leading to a kernel information leak.
- CVE-2023-31436
<https://nvd.nist.gov/vuln/detail/CVE-2023-31436> CVSSv3
score: 7.8(High)
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel
before 6.2.13 allows an out-of-bounds write because lmax can exceed
QFQ_MIN_LMAX.
- CVE-2023-3159
<https://nvd.nist.gov/vuln/detail/CVE-2023-3159> CVSSv3
score: 6.7(Medium)
A use after free issue was discovered in driver/firewire in
outbound_phy_packet_callback in the Linux Kernel. In this flaw a local
attacker with special privilege may cause a use after free problem when
queue_event() fails.
- CVE-2023-3161
<https://nvd.nist.gov/vuln/detail/CVE-2023-3161> CVSSv3
score: 5.5(Medium)
A flaw was found in the Framebuffer Console (fbcon) in the
Linux Kernel. When providing font->width and font->height greater than 32
to fbcon_set_font, since there are no checks in place, a
shift-out-of-bounds occurs leading to undefined behavior and possible
denial of service.
- CVE-2023-3212
<https://nvd.nist.gov/vuln/detail/CVE-2023-3212> CVSSv3
score: 4.4(Medium)
A NULL pointer dereference issue was found in the gfs2 file
system in the Linux kernel. It occurs on corrupt gfs2 file systems when the
evict code tries to reference the journal descriptor structure after it has
been freed and set to NULL. A privileged local user could use this flaw to
cause a kernel panic.
- CVE-2023-3220
<https://nvd.nist.gov/vuln/detail/CVE-2023-3220> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel through 6.1-rc8.
dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks
check of the return value of kzalloc() and will cause the NULL Pointer
Dereference.
- CVE-2023-32233
<https://nvd.nist.gov/vuln/detail/CVE-2023-32233> CVSSv3
score: 7.8(High)
In the Linux kernel through 6.3.1, a use-after-free in
Netfilter nf_tables when processing batch requests can be abused to perform
arbitrary read and write operations on kernel memory. Unprivileged local
users can obtain root privileges. This occurs because anonymous sets are
mishandled.
- CVE-2023-32247
<https://nvd.nist.gov/vuln/detail/CVE-2023-32247> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
handling of SMB2_SESSION_SETUP commands. The issue results from the lack of
control of resource consumption. An attacker can leverage this
vulnerability to create a denial-of-service condition on the system.
- CVE-2023-32248
<https://nvd.nist.gov/vuln/detail/CVE-2023-32248> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue
results from the lack of proper validation of a pointer prior to accessing
it. An attacker can leverage this vulnerability to create a
denial-of-service condition on the system.
- CVE-2023-32250
<https://nvd.nist.gov/vuln/detail/CVE-2023-32250> CVSSv3
score: 8.1(High)
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
processing of SMB2_SESSION_SETUP commands. The issue results from the lack
of proper locking when performing operations on an object. An attacker can
leverage this vulnerability to execute code in the context of the kernel.
- CVE-2023-32252
<https://nvd.nist.gov/vuln/detail/CVE-2023-32252> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
handling of SMB2_LOGOFF commands. The issue results from the lack of proper
validation of a pointer prior to accessing it. An attacker can leverage
this vulnerability to create a denial-of-service condition on the system.
- CVE-2023-32254
<https://nvd.nist.gov/vuln/detail/CVE-2023-32254> CVSSv3
score: 8.1(High)
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
processing of SMB2_TREE_DISCONNECT commands. The issue results from the
lack of proper locking when performing operations on an object. An attacker
can leverage this vulnerability to execute code in the context of the
kernel.
- CVE-2023-32257
<https://nvd.nist.gov/vuln/detail/CVE-2023-32257> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue
results from the lack of proper locking when performing operations on an
object. An attacker can leverage this vulnerability to execute code in the
context of the kernel.
- CVE-2023-32258
<https://nvd.nist.gov/vuln/detail/CVE-2023-32258> CVSSv3
score: n/a
A flaw was found in the Linux kernel's ksmbd, a
high-performance in-kernel SMB server. The specific flaw exists within the
processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from
the lack of proper locking when performing operations on an object. An
attacker can leverage this vulnerability to execute code in the context of
the kernel.
- CVE-2023-32269
<https://nvd.nist.gov/vuln/detail/CVE-2023-32269> CVSSv3
score: 6.7(Medium)
An issue was discovered in the Linux kernel before 6.1.11.
In net/netrom/af_netrom.c, there is a use-after-free because accept is also
allowed for a successfully connected AF_NETROM socket. However, in order
for an attacker to exploit this, the system must have netrom routing
configured or the attacker must have the CAP_NET_ADMIN capability.
- CVE-2023-3268
<https://nvd.nist.gov/vuln/detail/CVE-2023-3268> CVSSv3
score: 7.1(High)
An out of bounds (OOB) memory access flaw was found in the
Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs.
This flaw could allow a local attacker to crash the system or leak kernel
internal information.
- CVE-2023-3269
<https://nvd.nist.gov/vuln/detail/CVE-2023-3269> CVSSv3
score: 7.8(High)
A vulnerability exists in the memory management subsystem of
the Linux kernel. The lock handling for accessing and updating virtual
memory areas (VMAs) is incorrect, leading to use-after-free problems. This
issue can be successfully exploited to execute arbitrary kernel code,
escalate containers, and gain root privileges.
- CVE-2023-33203
<https://nvd.nist.gov/vuln/detail/CVE-2023-33203> CVSSv3
score: 6.4(Medium)
The Linux kernel before 6.2.9 has a race condition and
resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a
physically proximate attacker unplugs an emac based device.
- CVE-2023-33288
<https://nvd.nist.gov/vuln/detail/CVE-2023-33288> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel before 6.2.9. A
use-after-free was found in bq24190_remove in
drivers/power/supply/bq24190_charger.c. It could allow a local attacker to
crash the system due to a race condition.
- CVE-2023-3355
<https://nvd.nist.gov/vuln/detail/CVE-2023-3355> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux
kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the
submit_lookup_cmds function, which fails because it lacks a check of the
return value of kmalloc(). This issue allows a local user to crash the
system.
- CVE-2023-3357
<https://nvd.nist.gov/vuln/detail/CVE-2023-3357> CVSSv3
score: 5.5(Medium)
A NULL pointer dereference flaw was found in the Linux
kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash
the system.
- CVE-2023-3358
<https://nvd.nist.gov/vuln/detail/CVE-2023-3358> CVSSv3
score: 5.5(Medium)
A null pointer dereference was found in the Linux kernel's
Integrated Sensor Hub (ISH) driver. This issue could allow a local user to
crash the system.
- CVE-2023-3359
<https://nvd.nist.gov/vuln/detail/CVE-2023-3359> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel brcm_nvram_parse
in drivers/nvmem/brcm_nvram.c. A missing check of the return value of
kzalloc() can cause a NULL pointer dereference.
- CVE-2023-3390
<https://nvd.nist.gov/vuln/detail/CVE-2023-3390> CVSSv3
score: n/a
A use-after-free vulnerability was found in the Linux
kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.

Mishandled error handling with NFT_MSG_NEWRULE makes it
possible to use a dangling pointer in the same transaction causing a
use-after-free vulnerability. This flaw allows a local attacker with user
access to cause a privilege escalation issue.

We recommend upgrading past
commit 1240eb93f0616b21c675416516ff3d74798fdc97.
- CVE-2023-33951
<https://nvd.nist.gov/vuln/detail/CVE-2023-33951> CVSSv3
score: 5.3(Medium)
A race condition vulnerability was found in the vmwgfx
driver in the Linux kernel. The flaw exists within the handling of GEM
objects. The issue results from improper locking when performing operations
on an object. This flaw allows a local privileged user to disclose
information in the context of the kernel.
- CVE-2023-33952
<https://nvd.nist.gov/vuln/detail/CVE-2023-33952> CVSSv3
score: n/a
A double-free vulnerability was found in handling
vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This
issue occurs due to the lack of validating the existence of an object prior
to performing further free operations on the object, which may allow a
local privileged user to escalate privileges and execute code in the
context of the kernel.
- CVE-2023-34256
<https://nvd.nist.gov/vuln/detail/CVE-2023-34256> CVSSv3
score: 5.5(Medium)
An issue was discovered in the Linux kernel before 6.3.3.
There is an out-of-bounds read in crc16 in lib/crc16.c when called from
fs/ext4/super.c because ext4_group_desc_csum does not properly check an
offset. NOTE: this is disputed by third parties because the kernel is not
intended to defend against attackers with the stated "When modifying the
block device while it is mounted by the filesystem" access.
- CVE-2023-34319
<https://nvd.nist.gov/vuln/detail/CVE-2023-34319> CVSSv3
score: 7.8(High)
The fix for XSA-423 added logic to Linux's netback driver to deal with
a frontend splitting a packet in a way such that not all of the headers
would come in one piece. Unfortunately the logic introduced there didn't
account for the extreme case of the entire packet being split into as
many pieces as permitted by the protocol, yet still being smaller than
the area that's specially dealt with to keep all (possible) headers
together. Such an unusual packet would therefore trigger a buffer
overrun in the driver.
- CVE-2023-34324
<https://nvd.nist.gov/vuln/detail/CVE-2023-34324> CVSSv3
score: 4.9(Medium)
Closing of an event channel in the Linux kernel can result in a deadlock.
This happens when the close is being performed in parallel to an unrelated
Xen console action and the handling of a Xen console interrupt in an
unprivileged guest.

The closing of an event channel is e.g. triggered by removal of a
paravirtual device on the other side. As this action will cause console
messages to be issued on the other side quite often, the chance of
triggering the deadlock is not negligible.

Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel
on Arm doesn't use queued RW locks, which are required to trigger the
issue (on Arm32 a waiting writer doesn't block further readers from
getting the lock).
- CVE-2023-3439 <https://nvd.nist.gov/vuln/detail/CVE-2023-3439> CVSSv3
score: 4.7(Medium)
A flaw was found in the MCTP protocol in the Linux kernel.
The function mctp_unregister() reclaims the device's relevant resource when
a netcard detaches. However, a running routine may be unaware of this and
cause the use-after-free of the mdev->addrs object, potentially leading to
a denial of service.
- CVE-2023-35001
<https://nvd.nist.gov/vuln/detail/CVE-2023-35001> CVSSv3
score: n/a
Linux Kernel nftables Out-Of-Bounds Read/Write
Vulnerability; nft_byteorder poorly handled vm register contents when
CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-3567
<https://nvd.nist.gov/vuln/detail/CVE-2023-3567> CVSSv3
score: n/a
A use-after-free flaw was found in vcs_read in
drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may
allow an attacker with local user access to cause a system crash or leak
internal kernel information.
- CVE-2023-35788
<https://nvd.nist.gov/vuln/detail/CVE-2023-35788> CVSSv3
score: 7.8(High)
An issue was discovered in fl_set_geneve_opt in
net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an
out-of-bounds write in the flower classifier code via
TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of
service or privilege escalation.
- CVE-2023-35823
<https://nvd.nist.gov/vuln/detail/CVE-2023-35823> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in saa7134_finidev in
drivers/media/pci/saa7134/saa7134-core.c.
- CVE-2023-35824
<https://nvd.nist.gov/vuln/detail/CVE-2023-35824> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in dm1105_remove in
drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-35826
<https://nvd.nist.gov/vuln/detail/CVE-2023-35826> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in cedrus_remove in
drivers/staging/media/sunxi/cedrus/cedrus.c.
- CVE-2023-35827
<https://nvd.nist.gov/vuln/detail/CVE-2023-35827> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel through 6.3.8. A
use-after-free was found in ravb_remove in
drivers/net/ethernet/renesas/ravb_main.c.
- CVE-2023-35828
<https://nvd.nist.gov/vuln/detail/CVE-2023-35828> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in renesas_usb3_remove in
drivers/usb/gadget/udc/renesas_usb3.c.
- CVE-2023-35829
<https://nvd.nist.gov/vuln/detail/CVE-2023-35829> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.3.2. A
use-after-free was found in rkvdec_remove in
drivers/staging/media/rkvdec/rkvdec.c.
- CVE-2023-3609
<https://nvd.nist.gov/vuln/detail/CVE-2023-3609> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: cls_u32 component can be exploited to achieve local privilege
escalation.

If tcf_change_indev() fails, u32_set_parms() will immediately
return an error after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability.

We recommend upgrading past commit
04c55383fa5689357bcdd2c8036725a55ed632bc.
- CVE-2023-3610 <https://nvd.nist.gov/vuln/detail/CVE-2023-3610> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

Flaw in the error handling of bound chains causes a
use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability
requires CAP_NET_ADMIN to be triggered.

We recommend upgrading past commit
4bedf9eee016286c835e3d8fa981ddece5338795.
- CVE-2023-3611 <https://nvd.nist.gov/vuln/detail/CVE-2023-3611> CVSSv3
score: n/a
An out-of-bounds write vulnerability in the Linux kernel's
net/sched: sch_qfq component can be exploited to achieve local privilege
escalation.

The qfq_change_agg() function in net/sched/sch_qfq.c allows an
out-of-bounds write because lmax is updated according to packet sizes
without bounds checks.

We recommend upgrading past commit
3e337087c3b5805fe0b8a46ba622a962880b5d64.
- CVE-2023-3772 <https://nvd.nist.gov/vuln/detail/CVE-2023-3772> CVSSv3
score: 4.4(Medium)
A flaw was found in the Linux kernel’s IP framework for
transforming packets (XFRM subsystem). This issue may allow a malicious
user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer
in xfrm_update_ae_params(), leading to a possible kernel crash and denial
of service.
- CVE-2023-3773
<https://nvd.nist.gov/vuln/detail/CVE-2023-3773> CVSSv3
score: 4.4(Medium)
A flaw was found in the Linux kernel’s IP framework for
transforming packets (XFRM subsystem). This issue may allow a malicious
user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of
XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential
leakage of sensitive heap data to userspace.
- CVE-2023-3776
<https://nvd.nist.gov/vuln/detail/CVE-2023-3776> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: cls_fw component can be exploited to achieve local privilege
escalation.

If tcf_change_indev() fails, fw_set_parms() will immediately
return an error after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a
use-after-free vulnerability.

We recommend upgrading past commit
0323bce598eea038714f941ce2b22541c46d488f.
- CVE-2023-3777 <https://nvd.nist.gov/vuln/detail/CVE-2023-3777> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

When nf_tables_delrule() is flushing table rules, it is not
checked whether the chain is bound and the chain's owner rule can also
release the objects in certain circumstances.

We recommend upgrading past commit
6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
- CVE-2023-3812
<https://nvd.nist.gov/vuln/detail/CVE-2023-3812> CVSSv3
score: n/a
An out-of-bounds memory access flaw was found in the Linux
kernel’s TUN/TAP device driver functionality in how a user generates a
malicious (too big) networking packet when napi frags is enabled. This flaw
allows a local user to crash or potentially escalate their privileges on
the system.
- CVE-2023-38409
<https://nvd.nist.gov/vuln/detail/CVE-2023-38409> CVSSv3
score: 5.5(Medium)
An issue was discovered in set_con2fb_map in
drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because
an assignment occurs only for the first vc, the fbcon_registered_fb and
fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the
con2fb_map points at the old fb_info).
- CVE-2023-38426
<https://nvd.nist.gov/vuln/detail/CVE-2023-38426> CVSSv3
score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.4.
ksmbd has an out-of-bounds read in smb2_find_context_vals when
create_context's name_len is larger than the tag length.
- CVE-2023-38427
<https://nvd.nist.gov/vuln/detail/CVE-2023-38427> CVSSv3
score: 9.8(Critical)
An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds
read in deassemble_neg_contexts.
- CVE-2023-38428
<https://nvd.nist.gov/vuln/detail/CVE-2023-38428> CVSSv3
score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.4.
fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value
because it does not consider the address of security buffer, leading to an
out-of-bounds read.
- CVE-2023-38429
<https://nvd.nist.gov/vuln/detail/CVE-2023-38429> CVSSv3
score: 9.8(Critical)
An issue was discovered in the Linux kernel before 6.3.4.
fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation
(because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
- CVE-2023-38430
<https://nvd.nist.gov/vuln/detail/CVE-2023-38430> CVSSv3
score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.9.
ksmbd does not validate the SMB request protocol ID, leading to an
out-of-bounds read.
- CVE-2023-38431
<https://nvd.nist.gov/vuln/detail/CVE-2023-38431> CVSSv3
score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.8.
fs/smb/server/connection.c in ksmbd does not validate the relationship
between the NetBIOS header's length field and the SMB header sizes, via
pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
- CVE-2023-38432
<https://nvd.nist.gov/vuln/detail/CVE-2023-38432> CVSSv3
score: 9.1(Critical)
An issue was discovered in the Linux kernel before 6.3.10.
fs/smb/server/smb2misc.c in ksmbd does not validate the relationship
between the command payload size and the RFC1002 length specification,
leading to an out-of-bounds read.
- CVE-2023-3863
<https://nvd.nist.gov/vuln/detail/CVE-2023-3863> CVSSv3
score: 4.1(Medium)
A use-after-free flaw was found in nfc_llcp_find_local in
net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local
user with special privileges to impact a kernel information leak issue.
- CVE-2023-3865
<https://nvd.nist.gov/vuln/detail/CVE-2023-3865> CVSSv3
score: n/a
- CVE-2023-3866
<https://nvd.nist.gov/vuln/detail/CVE-2023-3866> CVSSv3
score: n/a
- CVE-2023-3867
<https://nvd.nist.gov/vuln/detail/CVE-2023-3867> CVSSv3
score: n/a
- CVE-2023-39189
<https://nvd.nist.gov/vuln/detail/CVE-2023-39189> CVSSv3
score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux
kernel. The nfnl_osf_add_callback function did not validate the user mode
controlled opt_num field. This flaw allows a local privileged
(CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a
crash or information disclosure.
- CVE-2023-39192
<https://nvd.nist.gov/vuln/detail/CVE-2023-39192> CVSSv3
score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux
kernel. The xt_u32 module did not validate the fields in the xt_u32
structure. This flaw allows a local privileged attacker to trigger an
out-of-bounds read by setting the size fields with a value beyond the array
boundaries, leading to a crash or information disclosure.
- CVE-2023-39193
<https://nvd.nist.gov/vuln/detail/CVE-2023-39193> CVSSv3
score: 6(Medium)
A flaw was found in the Netfilter subsystem in the Linux
kernel. The sctp_mt_check did not validate the flag_count field. This flaw
allows a local privileged (CAP_NET_ADMIN) attacker to trigger an
out-of-bounds read, leading to a crash or information disclosure.
- CVE-2023-39194
<https://nvd.nist.gov/vuln/detail/CVE-2023-39194> CVSSv3
score: 4.4(Medium)
A flaw was found in the XFRM subsystem in the Linux kernel.
The specific flaw exists within the processing of state filters, which can
result in a read past the end of an allocated buffer. This flaw allows a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
potentially leading to an information disclosure.
- CVE-2023-39197
<https://nvd.nist.gov/vuln/detail/CVE-2023-39197> CVSSv3
score: n/a
- CVE-2023-39198
<https://nvd.nist.gov/vuln/detail/CVE-2023-39198> CVSSv3
score: 6.4(Medium)
A race condition was found in the QXL driver in the Linux
kernel. The qxl_mode_dumb_create() function dereferences the qobj returned
by the qxl_gem_object_create_with_handle(), but the handle is the only one
holding a reference to it. This flaw allows an attacker to guess the
returned handle value and trigger a use-after-free issue, potentially
leading to a denial of service or privilege escalation.
- CVE-2023-4004
<https://nvd.nist.gov/vuln/detail/CVE-2023-4004> CVSSv3
score: n/a
A use-after-free flaw was found in the Linux kernel's
netfilter in the way a user triggers the nft_pipapo_remove function with
the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local
user to crash the system or potentially escalate their privileges on the
system.
- CVE-2023-4015
<https://nvd.nist.gov/vuln/detail/CVE-2023-4015> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

On an error when building a nftables rule, deactivating
immediate expressions in nft_immediate_deactivate() can lead to the
chain being unbound and to objects being deactivated but later used.

We recommend upgrading past commit
0a771f7b266b02d262900c75f1e175c7fe76fec2.
- CVE-2023-40283
<https://nvd.nist.gov/vuln/detail/CVE-2023-40283> CVSSv3
score: 7.8(High)
An issue was discovered in l2cap_sock_release in
net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a
use-after-free because the children of an sk are mishandled.
- CVE-2023-4132
<https://nvd.nist.gov/vuln/detail/CVE-2023-4132> CVSSv3
score: n/a
A use-after-free vulnerability was found in the siano smsusb
module in the Linux kernel. The bug occurs during device initialization
when the siano device is plugged in. This flaw allows a local user to crash
the system, causing a denial of service condition.
- CVE-2023-4147
<https://nvd.nist.gov/vuln/detail/CVE-2023-4147> CVSSv3
score: n/a
A use-after-free flaw was found in the Linux kernel’s
Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This
flaw allows a local user to crash or escalate their privileges on the
system.
- CVE-2023-4155
<https://nvd.nist.gov/vuln/detail/CVE-2023-4155> CVSSv3
score: 5.6(Medium)
A flaw was found in KVM AMD Secure Encrypted Virtualization
(SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with
multiple vCPUs can trigger a double fetch race condition vulnerability and
invoke the VMGEXIT handler recursively. If an attacker
manages to call the handler multiple times, they can trigger a stack
overflow and cause a denial of service or potentially guest-to-host escape
in kernel configurations without stack guard pages (CONFIG_VMAP_STACK).
- CVE-2023-4206
<https://nvd.nist.gov/vuln/detail/CVE-2023-4206> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: cls_route component can be exploited to achieve local privilege
escalation.

When route4_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.

We recommend upgrading past commit
b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
- CVE-2023-4207 <https://nvd.nist.gov/vuln/detail/CVE-2023-4207> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: cls_fw component can be exploited to achieve local privilege
escalation.

When fw_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.

We recommend upgrading past commit
76e42ae831991c828cffa8c37736ebfb831ad5ec.
- CVE-2023-4208 <https://nvd.nist.gov/vuln/detail/CVE-2023-4208> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: cls_u32 component can be exploited to achieve local privilege
escalation.

When u32_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class, as
tcf_unbind_filter() is always called on the old instance in the success
path, decreasing filter_cnt of the still referenced class and allowing it
to be deleted, leading to a use-after-free.

We recommend upgrading past commit
3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
- CVE-2023-4244 <https://nvd.nist.gov/vuln/detail/CVE-2023-4244> CVSSv3
score: 7(High)
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

Due to a race condition between nf_tables netlink control plane
transaction and nft_set element garbage collection, it is possible to
underflow the reference counter causing a use-after-free vulnerability.

We recommend upgrading past commit
3e91b0ebd994635df2346353322ac51ce84ce6d8.
- CVE-2023-4273 <https://nvd.nist.gov/vuln/detail/CVE-2023-4273> CVSSv3
score: 6.7(Medium)
A flaw was found in the exFAT driver of the Linux kernel.
The vulnerability exists in the implementation of the file name
reconstruction function, which is responsible for reading file name entries
from a directory index and merging file name parts belonging to one file
into a single long file name. Since the file name characters are copied
into a stack variable, a local privileged attacker could use this flaw to
overflow the kernel stack.
- CVE-2023-42752
<https://nvd.nist.gov/vuln/detail/CVE-2023-42752> CVSSv3
score: n/a
An integer overflow flaw was found in the Linux kernel. This
issue leads to the kernel allocating skb_shared_info in the
userspace, which is exploitable in systems without SMAP protection since
skb_shared_info contains references to function pointers.
- CVE-2023-42753
<https://nvd.nist.gov/vuln/detail/CVE-2023-42753> CVSSv3
score: 7.8(High)
An array indexing vulnerability was found in the netfilter
subsystem of the Linux kernel. A missing macro could lead to a
miscalculation of the h->nets array offset, providing
attackers with the primitive to arbitrarily increment/decrement a memory
buffer out-of-bound. This issue may allow a local user to crash the system
or potentially escalate their privileges on the system.
- CVE-2023-42754
<https://nvd.nist.gov/vuln/detail/CVE-2023-42754> CVSSv3
score: n/a
A NULL pointer dereference flaw was found in the Linux
kernel ipv4 stack. The socket buffer (skb) was assumed to be associated
with a device before calling __ip_options_compile, which is not always the
case if the skb is re-routed by ipvs. This issue may allow a local user
with CAP_NET_ADMIN privileges to crash the system.
- CVE-2023-42755
<https://nvd.nist.gov/vuln/detail/CVE-2023-42755> CVSSv3
score: 5.5(Medium)
A flaw was found in the IPv4 Resource Reservation Protocol
(RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the
linear part of the skb, leading to an out-of-bounds read in the
rsvp_classify function. This issue may allow a local user to
crash the system and cause a denial of service.
- CVE-2023-4385
<https://nvd.nist.gov/vuln/detail/CVE-2023-4385> CVSSv3
score: n/a
A NULL pointer dereference flaw was found in dbFree in
fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel.
This issue may allow a local attacker to crash the system due to a missing
sanity check.
- CVE-2023-4387
<https://nvd.nist.gov/vuln/detail/CVE-2023-4387> CVSSv3
score: n/a
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf
in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC
driver in the Linux Kernel. This issue could allow a local attacker to
crash the system due to a double-free while cleaning up
vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak
problem.
- CVE-2023-4389
<https://nvd.nist.gov/vuln/detail/CVE-2023-4389> CVSSv3
score: 7.1(High)
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c
in the btrfs filesystem in the Linux Kernel due to a double decrement of
the reference count. This issue may allow a local attacker with user
privilege to crash the system or may lead to leaked internal kernel
information.
- CVE-2023-4394
<https://nvd.nist.gov/vuln/detail/CVE-2023-4394> CVSSv3
score: 6(Medium)
A use-after-free flaw was found in
btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in
the Linux Kernel. This flaw allows a local attacker with special privileges
to cause a system crash or leak internal kernel information.
- CVE-2023-44466
<https://nvd.nist.gov/vuln/detail/CVE-2023-44466> CVSSv3
score: 8.8(High)
An issue was discovered in net/ceph/messenger_v2.c in the
Linux kernel before 6.4.5. There is an integer signedness error, leading to
a buffer overflow and remote code execution via HELLO or one of the AUTH
frames. This occurs because of an untrusted length taken from a TCP packet
in ceph_decode_32.
- CVE-2023-4459
<https://nvd.nist.gov/vuln/detail/CVE-2023-4459> CVSSv3
score: n/a
A NULL pointer dereference flaw was found in
vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking
sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local
attacker with normal user privilege to cause a denial of service due to a
missing sanity check during cleanup.
- CVE-2023-4569
<https://nvd.nist.gov/vuln/detail/CVE-2023-4569> CVSSv3
score: 5.5(Medium)
A memory leak flaw was found in nft_set_catchall_flush in
net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a
local attacker to cause double-deactivations of catchall elements, which
can result in a memory leak.
- CVE-2023-45862
<https://nvd.nist.gov/vuln/detail/CVE-2023-45862> CVSSv3
score: 5.5(Medium)
An issue was discovered in drivers/usb/storage/ene_ub6250.c
for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An
object could potentially extend beyond the end of an allocation.
- CVE-2023-45863
<https://nvd.nist.gov/vuln/detail/CVE-2023-45863> CVSSv3
score: 6.4(Medium)
An issue was discovered in lib/kobject.c in the Linux kernel
before 6.2.3. With root access, an attacker can trigger a race condition
that results in a fill_kobj_path out-of-bounds write.
- CVE-2023-45871
<https://nvd.nist.gov/vuln/detail/CVE-2023-45871> CVSSv3
score: 7.5(High)
An issue was discovered in
drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux
kernel before 6.5.3. A buffer size may not be adequate for frames larger
than the MTU.
- CVE-2023-4623
<https://nvd.nist.gov/vuln/detail/CVE-2023-4623> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited
to achieve local privilege escalation.

If a class with a link-sharing curve (i.e. with the HFSC_FSC
flag set) has a parent without a link-sharing curve, then init_vf() will
call vttree_insert() on the parent, but vttree_remove() will be skipped in
update_vf(). This leaves a dangling pointer that can cause a use-after-free.

We recommend upgrading past commit
b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
- CVE-2023-46813
<https://nvd.nist.gov/vuln/detail/CVE-2023-46813> CVSSv3
score: 7(High)
An issue was discovered in the Linux kernel before 6.5.9,
exploitable by local users with userspace access to MMIO registers.
Incorrect access checking in the #VC handler and instruction emulation of
the SEV-ES emulation of MMIO accesses could lead to arbitrary write access
to kernel memory (and thus privilege escalation). This depends on a race
condition through which userspace can replace an instruction before the #VC
handler reads it.
- CVE-2023-46862
<https://nvd.nist.gov/vuln/detail/CVE-2023-46862> CVSSv3
score: 4.7(Medium)
An issue was discovered in the Linux kernel through 6.5.9.
During a race with SQ thread exit, an io_uring/fdinfo.c
io_uring_show_fdinfo NULL pointer dereference can occur.
- CVE-2023-4921
<https://nvd.nist.gov/vuln/detail/CVE-2023-4921> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
net/sched: sch_qfq component can be exploited to achieve local privilege
escalation.

When the plug qdisc is used as a class of the qfq qdisc,
sending network packets triggers use-after-free in qfq_dequeue() due to the
incorrect .peek handler of sch_plug and lack of error checking in
agg_dequeue().

We recommend upgrading past commit
8fc134fee27f2263988ae38920bc03da416b03d8.
- CVE-2023-5090
<https://nvd.nist.gov/vuln/detail/CVE-2023-5090> CVSSv3
score: 5.5(Medium)
A flaw was found in KVM. An improper check in
svm_set_x2apic_msr_interception() may allow direct access to host x2apic
msrs when the guest resets its apic, potentially leading to a denial of
service condition.
- CVE-2023-5158
<https://nvd.nist.gov/vuln/detail/CVE-2023-5158> CVSSv3
score: 5.5(Medium)
A flaw was found in vringh_kiov_advance in
drivers/vhost/vringh.c in the host side of a virtio ring in the Linux
Kernel. This issue may result in a denial of service from guest to host via
zero length descriptor.
- CVE-2023-51779
<https://nvd.nist.gov/vuln/detail/CVE-2023-51779> CVSSv3
score: n/a
- CVE-2023-51780
<https://nvd.nist.gov/vuln/detail/CVE-2023-51780> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a
vcc_recvmsg race condition.
- CVE-2023-51781
<https://nvd.nist.gov/vuln/detail/CVE-2023-51781> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an
atalk_recvmsg race condition.
- CVE-2023-51782
<https://nvd.nist.gov/vuln/detail/CVE-2023-51782> CVSSv3
score: n/a
An issue was discovered in the Linux kernel before 6.6.8.
rose_ioctl in net/rose/af_rose.c has a use-after-free because of a
rose_accept race condition.
- CVE-2023-5197
<https://nvd.nist.gov/vuln/detail/CVE-2023-5197> CVSSv3
score: 6.6(Medium)
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

Addition and removal of rules from chain bindings within the
same transaction leads to a use-after-free.

We recommend upgrading past commit
f15f29fd4779be8a418b66e9d52979bb6d6c2325.
- CVE-2023-5345 <https://nvd.nist.gov/vuln/detail/CVE-2023-5345> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
fs/smb/client component can be exploited to achieve local privilege
escalation.

In case of an error in smb3_fs_context_parse_param,
ctx->password was freed but the field was not set to NULL which could lead
to double free.

We recommend upgrading past commit
e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
- CVE-2023-5717 <https://nvd.nist.gov/vuln/detail/CVE-2023-5717> CVSSv3
score: n/a
A heap out-of-bounds write vulnerability in the Linux
kernel's Linux Kernel Performance Events (perf) component can be exploited
to achieve local privilege escalation.

If perf_read_group() is called while an event's sibling_list is
smaller than its child's sibling_list, it can increment or write to memory
locations outside of the allocated buffer.

We recommend upgrading past commit
32671e3799ca2e4590773fd0e63aaa4229e50c06.
- CVE-2023-6121
<https://nvd.nist.gov/vuln/detail/CVE-2023-6121> CVSSv3
score: n/a
An out-of-bounds read vulnerability was found in the
NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote
attacker to send a crafted TCP packet, triggering a heap-based buffer
overflow that results in kmalloc data being printed and potentially leaked
to the kernel ring buffer (dmesg).
- CVE-2023-6176
<https://nvd.nist.gov/vuln/detail/CVE-2023-6176> CVSSv3
score: 7.8(High)
A null pointer dereference flaw was found in the Linux
kernel API for the cryptographic algorithm scatterwalk functionality. This
issue occurs when a user constructs a malicious packet with specific socket
configuration, which could allow a local user to crash the system or
escalate their privileges on the system.
- CVE-2023-6531
<https://nvd.nist.gov/vuln/detail/CVE-2023-6531> CVSSv3
score: n/a
- CVE-2023-6546
<https://nvd.nist.gov/vuln/detail/CVE-2023-6546> CVSSv3
score: 7(High)
A race condition was found in the GSM 0710 tty multiplexor
in the Linux kernel. This issue occurs when two threads execute the
GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line
discipline enabled, and can lead to a use-after-free problem on a struct
gsm_dlci while restarting the gsm mux. This could allow a local
unprivileged user to escalate their privileges on the system.
- CVE-2023-6606
<https://nvd.nist.gov/vuln/detail/CVE-2023-6606> CVSSv3
score: n/a
An out-of-bounds read vulnerability was found in smbCalcSize
in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a
local attacker to crash the system or leak internal kernel information.
- CVE-2023-6622
<https://nvd.nist.gov/vuln/detail/CVE-2023-6622> CVSSv3
score: n/a
A null pointer dereference vulnerability was found in
nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux
kernel. This issue may allow a local attacker with CAP_NET_ADMIN user
privilege to trigger a denial of service.
- CVE-2023-6817
<https://nvd.nist.gov/vuln/detail/CVE-2023-6817> CVSSv3
score: n/a
A use-after-free vulnerability in the Linux kernel's
netfilter: nf_tables component can be exploited to achieve local privilege
escalation.

The function nft_pipapo_walk did not skip inactive elements
during a set walk, which could lead to double deactivations of PIPAPO (Pile
Packet Policies) elements and thus to a use-after-free.

We recommend upgrading past commit
317eb9685095678f2c9f5a8189de698c5354316a.
- CVE-2023-6931 <https://nvd.nist.gov/vuln/detail/CVE-2023-6931> CVSSv3
score: n/a
A heap out-of-bounds write vulnerability in the Linux
kernel's Performance Events system component can be exploited to achieve
local privilege escalation.

A perf_event's read_size can overflow, leading to a heap
out-of-bounds increment or write in perf_read_group().

We recommend upgrading past commit
382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
- CVE-2023-6932 <https://nvd.nist.gov/vuln/detail/CVE-2023-6932> CVSSv3
score: 7(High)
A use-after-free vulnerability in the Linux kernel's ipv4:
igmp component can be exploited to achieve local privilege escalation.

A race condition can be exploited to cause a timer to be
mistakenly registered on an RCU read-locked object which is freed by another
thread.

We recommend upgrading past commit
e2b706c691905fe78468c361aaabc719d0a496f1.
- CVE-2023-7192
<https://nvd.nist.gov/vuln/detail/CVE-2023-7192> CVSSv3
score: 4.4(Medium)
A memory leak problem was found in
ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the
Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN
privileges to cause a denial of service (DoS) attack due to a refcount
overflow.

OpenSSL
- CVE-2023-3446
<https://nvd.nist.gov/vuln/detail/CVE-2023-3446> CVSSv3
score: 5.3(Medium)
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex() or
EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
- CVE-2023-2975 <https://nvd.nist.gov/vuln/detail/CVE-2023-2975> CVSSv3
score: 5.3(Medium)
Issue summary: The AES-SIV cipher implementation contains a bug that causes it
to ignore empty associated data entries, which are unauthenticated as a
consequence.

Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be misled by removing,
adding or reordering such empty entries, as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.

The AES-SIV algorithm allows for authentication of multiple associated data
entries along with the encryption. To authenticate empty data the application
has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as
the output buffer and 0 as the input buffer length. The AES-SIV implementation
in OpenSSL just returns success for such a call instead of performing the
associated data authentication operation. The empty data thus will not be
authenticated.

As this issue does not affect non-empty associated data authentication and we
expect it to be rare for an application to use empty associated data entries,
this is qualified as a Low severity issue.
- CVE-2023-2650 <https://nvd.nist.gov/vuln/detail/CVE-2023-2650> CVSSv3
score: 6.5(Medium)
Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the
OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size
limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most
of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1
OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type
ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers
of the OBJECT IDENTIFIER in decimal form, separated by periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these
are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs),
the translation to a decimal number in text may take a very long time. The time
complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes
(*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
identifiers in string form was introduced. This includes using OBJECT
IDENTIFIERs in canonical numeric text form as identifiers for fetching
algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
AlgorithmIdentifier, which is commonly used in multiple protocols to specify
what cryptographic algorithm should be used to sign or verify, encrypt or
decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are affected,
with any version of OpenSSL. If the use is for the mere purpose of display, the
severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS,
CMP/CRMF or TS. It also impacts anything that processes X.509 certificates,
including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a
100KiB limit on the peer's certificate chain. Additionally, this only impacts
clients, or servers that have explicitly enabled client authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such
as X.509 certificates. This is assumed to not happen in such a way that it
would cause a Denial of Service, so these versions are considered not affected
by this issue in such a way that it would be cause for concern, and the
severity is therefore considered low.
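To make the CVE-2023-2650 description concrete, the following is an added example written for this post (it is not OpenSSL's code): a small DER OBJECT IDENTIFIER decoder that produces the dotted-decimal text form and rejects any sub-identifier longer than an assumed policy limit, MAX_SUBID_BYTES, before the quadratic-cost integer-to-decimal conversion is attempted. The sample OIDs, including the 100,000-octet pathological one, are constructed.

```python
"""DER OBJECT IDENTIFIER decoder with a per-sub-identifier size cap.

Added example for this announcement; it is not OpenSSL code. It shows the
encoding CVE-2023-2650 is about: each sub-identifier is a base-128 integer of
unbounded length, and turning a huge one into decimal text is O(n^2) in its
byte length. MAX_SUBID_BYTES is an assumed policy limit, enforced before any
large integer is built or converted.
"""

MAX_SUBID_BYTES = 16  # assumed limit: 16 base-128 octets cover values below 2**112


class OidError(ValueError):
    """Malformed, truncated or oversized OBJECT IDENTIFIER."""


def decode_oid_content(content: bytes, max_subid_bytes: int = MAX_SUBID_BYTES) -> str:
    """Decode the content octets of an OID (tag and length already removed)
    into canonical dotted text, e.g. '1.2.840.113549.1.1.11'."""
    if not content:
        raise OidError("empty OID content")
    subids = []
    value = 0     # sub-identifier being accumulated
    nbytes = 0    # octets consumed for the current sub-identifier
    for byte in content:
        nbytes += 1
        if nbytes > max_subid_bytes:
            # Refuse before any expensive arbitrary-precision work happens.
            raise OidError(f"sub-identifier longer than {max_subid_bytes} bytes")
        if nbytes == 1 and byte == 0x80:
            raise OidError("non-minimal sub-identifier encoding (leading 0x80)")
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:
            continue              # continuation bit set: more octets follow
        subids.append(value)
        value = nbytes = 0
    if nbytes:
        raise OidError("truncated sub-identifier (continuation bit set on last octet)")
    # X.690: the first encoded value packs the first two arcs as X*40 + Y.
    first = subids[0]
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    arcs.extend(subids[1:])
    return ".".join(str(a) for a in arcs)


def decode_oid_tlv(der: bytes, max_subid_bytes: int = MAX_SUBID_BYTES) -> str:
    """Decode a complete DER OBJECT IDENTIFIER TLV (tag 0x06, short or long length)."""
    if len(der) < 2 or der[0] != 0x06:
        raise OidError("not an OBJECT IDENTIFIER TLV")
    length, offset = der[1], 2
    if length & 0x80:             # long-form length: 0x8N followed by N octets
        nlen = length & 0x7F
        if nlen == 0 or nlen > 4 or len(der) < 2 + nlen:
            raise OidError("bad length octets")
        length = int.from_bytes(der[2:2 + nlen], "big")
        offset += nlen
    if offset + length != len(der):
        raise OidError("length does not match content")
    return decode_oid_content(der[offset:], max_subid_bytes)


def oid_is_safe(der: bytes, max_subid_bytes: int = MAX_SUBID_BYTES) -> bool:
    """True if the TLV decodes within the size policy, False otherwise."""
    try:
        decode_oid_tlv(der, max_subid_bytes)
        return True
    except OidError:
        return False


if __name__ == "__main__":
    # Constructed sample: sha256WithRSAEncryption, 1.2.840.113549.1.1.11
    print(decode_oid_tlv(bytes.fromhex("06092a864886f70d01010b")))
    # Constructed pathological sample: arcs 1.2 followed by one 100000-octet sub-identifier
    content = b"\x2a" + b"\x81" * 99_999 + b"\x01"
    huge = b"\x06\x83" + len(content).to_bytes(3, "big") + content
    print(oid_is_safe(huge))  # rejected after 17 octets, not after a slow conversion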

Python
- CVE-2023-41105
<https://nvd.nist.gov/vuln/detail/CVE-2023-41105> CVSSv3
score: 7.5(High)
An issue was discovered in Python 3.11 through 3.11.4. If
a path containing '\0' bytes is passed to os.path.normpath(), the path will
be truncated unexpectedly at the first '\0' byte. There are plausible cases
in which an application would have rejected a filename for security reasons
in Python 3.10.x or earlier, but that filename is no longer rejected in
Python 3.11.x.
- CVE-2023-40217
<https://nvd.nist.gov/vuln/detail/CVE-2023-40217> CVSSv3
score: 5.3(Medium)
An issue was discovered in Python before 3.8.18, 3.9.x
before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It
primarily affects servers (such as HTTP servers) that use TLS client
authentication. If a TLS server-side socket is created, receives data into
the socket buffer, and then is closed quickly, there is a brief window
where the SSLSocket instance will detect the socket as "not connected" and
won't initiate a handshake, but buffered data will still be readable from
the socket buffer. This data will not be authenticated if the server-side
TLS peer is expecting client certificate authentication, and is
indistinguishable from valid TLS stream data. Data is limited in size to
the amount that will fit in the buffer. (The TLS connection cannot directly
be used for data exfiltration because the vulnerable code path requires
that the connection be closed on initialization of the SSLSocket.)
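The CVE-2023-41105 entry above comes down to the order of validation and normalisation: a check that runs after os.path.normpath() saw a truncated path on the affected 3.11 releases. The following added example (written for this post, not CPython code) shows the robust order, rejecting NUL bytes and confining the path to a base directory before normalisation is relied on, alongside the fragile pattern for contrast. The base directory and file names are constructed.

```python
"""Validate user-supplied paths before, not after, normalisation.

Added example for this announcement; it is not CPython code. Python 3.11.0
through 3.11.4 truncated the argument of os.path.normpath() at the first
NUL byte (CVE-2023-41105), so a check that ran after normalisation saw a
shortened path. Checking the raw string first makes the outcome independent
of that behaviour. The base directory and file names below are constructed.
"""
import os


class UnsafePath(ValueError):
    """Raised when a user-supplied path fails validation."""


def safe_join(base_dir: str, user_path: str) -> str:
    """Return an absolute path inside base_dir, or raise UnsafePath."""
    # 1. Inspect the raw input before any normalisation touches it.
    if "\0" in user_path:
        raise UnsafePath("embedded NUL byte")
    if not user_path or os.path.isabs(user_path):
        raise UnsafePath("empty or absolute path")
    # 2. Only now normalise, and confine the result to base_dir.
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


def path_accepted(base_dir: str, user_path: str) -> bool:
    """Convenience wrapper: True if safe_join() accepts the path."""
    try:
        safe_join(base_dir, user_path)
        return True
    except UnsafePath:
        return False


def fragile_check(user_path: str) -> bool:
    """The order that CVE-2023-41105 broke: normalise first, check afterwards.

    On an affected 3.11.x, 'ok.txt\\0/../../etc/passwd' is truncated to
    'ok.txt' before the check runs and is accepted; on 3.10 and on fixed
    releases the '..' survives and it is rejected. Kept for contrast only.
    """
    normalised = os.path.normpath(user_path)
    return "\0" not in normalised and ".." not in normalised.split(os.sep)


def normpath_truncates_on_nul() -> bool:
    """Report whether the running interpreter still truncates at NUL."""
    return os.path.normpath("a\0b") != "a\0b"


if __name__ == "__main__":
    base = "/srv/uploads"  # constructed
    for name in ("reports/q1.csv", "../etc/passwd", "ok.txt\0/../../etc/passwd"):
        print(repr(name), "->", "accepted" if path_accepted(base, name) else "rejected")
    print("normpath truncates at NUL:", normpath_truncates_on_nul())
```

normpath_truncates_on_nul() is a quick way to tell, on a given host, whether the interpreter in use still shows the behaviour described in the entry.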

SDK: Rust
- CVE-2023-38497
<https://nvd.nist.gov/vuln/detail/CVE-2023-38497> CVSSv3
score: 7.3(High)
Cargo downloads the Rust project’s dependencies and
compiles the project. Cargo prior to version 0.72.2, bundled with Rust
prior to version 1.71.1, did not respect the umask when extracting crate
archives on UNIX-like systems. If the user downloaded a crate containing
files writeable by any local user, another local user could exploit this to
change the source code compiled and executed by the current user. To
prevent existing cached extractions from being exploitable, the Cargo
binary version 0.72.2 included in Rust 1.71.1 or later will purge caches
generated by older Cargo versions automatically. As a workaround, configure
one's system to prevent other local users from accessing the Cargo
directory, usually located in ~/.cargo.

VMware: open-vm-tools
- CVE-2023-20900
<https://nvd.nist.gov/vuln/detail/CVE-2023-20900> CVSSv3
score: 7.5(High)
A malicious actor that has been granted Guest Operation Privileges
<https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html>
in a target virtual machine may be able to elevate their privileges if that
target virtual machine has been assigned a more privileged Guest Alias
<https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html>.
- CVE-2023-20867
<https://nvd.nist.gov/vuln/detail/CVE-2023-20867> CVSSv3
score: n/a
A fully compromised ESXi host can force VMware Tools to
fail to authenticate host-to-guest operations, impacting the
confidentiality and integrity of the guest virtual machine.

binutils
- CVE-2023-1579
<https://nvd.nist.gov/vuln/detail/CVE-2023-1579> CVSSv3
score: 7.8(High)
Heap based buffer overflow in binutils-gdb/bfd/libbfd.c
in bfd_getl64.
- CVE-2022-4285
<https://nvd.nist.gov/vuln/detail/CVE-2022-4285> CVSSv3
score: 5.5(Medium)
An illegal memory access flaw was found in the binutils
package. Parsing an ELF file containing corrupt symbol version information
may result in a denial of service. This issue is the result of an
incomplete fix for CVE-2020-16599.
- CVE-2022-38533
<https://nvd.nist.gov/vuln/detail/CVE-2022-38533> CVSSv3
score: 5.5(Medium)
In GNU Binutils before 2.40, there is a
heap-buffer-overflow in the error function bfd_getl32 when called from the
strip_main function in strip-new via a crafted file.

c-ares
- CVE-2023-32067
<https://nvd.nist.gov/vuln/detail/CVE-2023-32067> CVSSv3
score: n/a
c-ares is an asynchronous resolver library. c-ares is
vulnerable to denial of service. If a target resolver sends a query, the
attacker forges a malformed UDP packet with a length of 0 and returns it
to the target resolver. The target resolver erroneously interprets the 0
length as a graceful shutdown of the connection. This issue has been
patched in version 1.19.1.
- CVE-2023-31147
<https://nvd.nist.gov/vuln/detail/CVE-2023-31147> CVSSv3
score: 6.5(Medium)
c-ares is an asynchronous resolver library. When
/dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to
generate random numbers used for DNS query ids. This is not a CSPRNG, and
it is also not seeded by srand() so will generate predictable output. Input
from the random number generator is fed into a non-compliant RC4
implementation and may not be as strong as the original RC4 implementation.
No attempt is made to look for modern OS-provided CSPRNGs like arc4random(),
which is widely available. This issue has been fixed in version 1.19.1.
- CVE-2023-31130
<https://nvd.nist.gov/vuln/detail/CVE-2023-31130> CVSSv3
score: 6.4(Medium)
c-ares is an asynchronous resolver library.
ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6
addresses, in particular "0::00:00:00/2" was found to cause an issue.
C-ares only uses this function internally for configuration purposes which
would require an administrator to configure such an address via
ares_set_sortlist(). However, users may externally use ares_inet_net_pton()
for other purposes and thus be vulnerable to more severe issues. This issue
has been fixed in 1.19.1.
- CVE-2023-31124
<https://nvd.nist.gov/vuln/detail/CVE-2023-31124> CVSSv3
score: n/a
c-ares is an asynchronous resolver library. When
cross-compiling c-ares and using the autotools build system,
CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64
android. This will downgrade to using rand() as a fallback which could
allow an attacker to take advantage of the lack of entropy by not using a
CSPRNG. This issue was patched in version 1.19.1.

curl
- CVE-2023-38546
<https://nvd.nist.gov/vuln/detail/CVE-2023-38546> CVSSv3
score: 3.7(Low)
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.

libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.

libcurl provides a function call that duplicates an easy handle called
curl_easy_duphandle <https://curl.se/libcurl/c/curl_easy_duphandle.html>.

If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual cookies. If
the source handle did not read any cookies from a specific file on disk, the
cloned version of the handle would instead store the file name as none (using
the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named none
- if such a file exists and is readable in the current directory of the program
using libcurl. And if using the correct file format of course.
- CVE-2023-38545
<https://nvd.nist.gov/vuln/detail/CVE-2023-38545> CVSSv3
score: 9.8(Critical)
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug, the
local variable that means "let the host resolve the name" could get the wrong
value during a slow SOCKS5 handshake, and contrary to the intention, copy the
too long host name to the target buffer instead of copying just the resolved
address there.

The target buffer is a heap based buffer, and the host name comes from the URL
that curl has been told to operate with.
- CVE-2023-38039
<https://nvd.nist.gov/vuln/detail/CVE-2023-38039> CVSSv3
score: 7.5(High)
When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.

However, curl did not have a limit in how many or how large headers it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.

- CVE-2023-28322
<https://nvd.nist.gov/vuln/detail/CVE-2023-28322> CVSSv3
score: 3.7(Low)
An information disclosure vulnerability exists in curl <v8.1.0: when doing
HTTP(S) transfers, libcurl might erroneously use the read callback
(CURLOPT_READFUNCTION) to ask for data to send, even when the
CURLOPT_POSTFIELDS option has been set, if the same handle previously was used
to issue a PUT request which used that callback. This flaw may surprise the
application and cause it to misbehave and either send off the wrong data or use
memory after free or similar in the second transfer. The problem exists in the
logic for a reused handle when it is (expected to be) changed from a PUT to a
POST.
- CVE-2023-28321
<https://nvd.nist.gov/vuln/detail/CVE-2023-28321> CVSSv3
score: 5.9(Medium)
An improper certificate validation vulnerability exists in
curl <v8.1.0 in the way it supports matching of wildcard patterns when
listed as "Subject Alternative Name" in TLS server certificates. curl can
be built to use its own name matching function for TLS rather than one
provided by a TLS library. This private wildcard matching function would
match IDN (International Domain Name) hosts incorrectly and could as a
result accept patterns that otherwise should mismatch. IDN hostnames are
converted to puny code before used for certificate checks. Puny coded names
always start with xn-- and should not be allowed to pattern
match, but the wildcard check in curl could still check for
x*, which would match even though the IDN name most likely
contained nothing even resembling an x.
- CVE-2023-28320
<https://nvd.nist.gov/vuln/detail/CVE-2023-28320> CVSSv3
score: 5.9(Medium)
A denial of service vulnerability exists in curl <v8.1.0 in
the way libcurl provides several different backends for resolving host
names, selected at build time. If it is built to use the synchronous
resolver, it allows name resolves to time-out slow operations using
alarm() and siglongjmp(). When doing this, libcurl used a
global buffer that was not mutex protected and a multi-threaded application
might therefore crash or otherwise misbehave.
- CVE-2023-28319
<https://nvd.nist.gov/vuln/detail/CVE-2023-28319> CVSSv3
score: 7.5(High)
A use after free vulnerability exists in curl <v8.1.0 in the
way libcurl offers a feature to verify an SSH server's public key using a
SHA 256 hash. When this check fails, libcurl would free the memory for the
fingerprint before it returns an error message containing the (now freed)
hash. This flaw risks inserting sensitive heap-based data into the error
message that might be shown to users or otherwise get leaked and revealed.

git
- CVE-2023-29007
<https://nvd.nist.gov/vuln/detail/CVE-2023-29007> CVSSv3
score: 7.8(High)
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially
crafted .gitmodules file with submodule URLs that are longer than 1024
characters can be used to exploit a bug in
config.c::git_config_copy_or_rename_section_in_file(). This bug can be used to
inject arbitrary configuration into a user's $GIT_DIR/config when attempting to
remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
core.pager, core.editor, core.sshCommand, etc.) this can lead to a remote code
execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround,
avoid running git submodule deinit on untrusted repositories or without prior
inspection of any submodule sections in $GIT_DIR/config.
- CVE-2023-25815
<https://nvd.nist.gov/vuln/detail/CVE-2023-25815> CVSSv3
score: 2.2(Low)
In Git for Windows, the Windows port of Git, no localized
messages are shipped with the installer. As a consequence, Git is expected
not to localize messages at all, and skips the gettext initialization.
However, due to a change in MINGW-packages, the gettext() function's
implicit initialization no longer uses the runtime prefix but uses the
hard-coded path C:\mingw64\share\locale to look for
localized messages. And since any authenticated user has the permission to
create folders in C:\ (and since C:\mingw64 does not
typically exist), it is possible for low-privilege users to place fake
messages in that location where git.exe will pick them up
in version 2.40.1.

This vulnerability is relatively hard to exploit and
requires social engineering. For example, a legitimate message at the end
of a clone could be maliciously modified to ask the user to direct their
web browser to a malicious website, and the user might think that the
message comes from Git and is legitimate. It does require local write
access by the attacker, though, which makes this attack vector less likely.
Version 2.40.1 contains a patch for this issue. Some workarounds are
available. Do not work on a Windows machine with shared accounts, or
alternatively create a C:\mingw64 folder and leave it empty.
Users who have administrative rights may remove the permission to create
folders in C:\.
- CVE-2023-25652
<https://nvd.nist.gov/vuln/detail/CVE-2023-25652> CVSSv3
score: n/a
Git is a revision control system. Prior to versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5,
2.39.3, and 2.40.1, by feeding specially crafted input to git
apply --reject, a path outside the working tree can be
overwritten with partially controlled contents (corresponding to the
rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5,
2.39.3, and 2.40.1. As a workaround, avoid using git apply
with --reject when applying patches from an untrusted
source. Use git apply --stat to inspect a patch before
applying; avoid applying one that creates a conflict where a link
corresponding to the *.rej file exists.
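The CVE-2023-29007 workaround above asks for inspection of submodule sections before running git submodule deinit on an untrusted repository. The following added example (written for this post, not Git's own code) is a small pre-check that parses a .gitmodules file and reports any submodule whose URL exceeds the 1024-character threshold named in the entry. It handles only the subset of git-config syntax that .gitmodules uses, and the sample file contents are constructed.

```python
"""Pre-check a .gitmodules file for over-long submodule URLs.

Added example for this announcement; it is not Git code. CVE-2023-29007 is
triggered by submodule URLs longer than 1024 characters, and the advisory's
workaround is to inspect submodule sections before running git submodule
deinit on an untrusted repository. This parser covers the subset of
git-config syntax that .gitmodules uses (section headers, key = value lines,
'#' and ';' comments). The 1024 threshold comes from the advisory; the sample
file contents are constructed.
"""
import re

MAX_SUBMODULE_URL = 1024  # threshold from the advisory text

_SECTION = re.compile(r'^\[submodule\s+"(?P<name>[^"]*)"\]$')
_KEYVAL = re.compile(r'^(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')


def parse_gitmodules(text: str) -> dict:
    """Return {submodule name: {key: value}} for the given .gitmodules text."""
    modules = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        m = _SECTION.match(line)
        if m:
            current = modules.setdefault(m.group("name"), {})
            continue
        if line.startswith("["):
            current = None                    # some other section type; ignore its keys
            continue
        m = _KEYVAL.match(line)
        if m and current is not None:
            current[m.group("key").lower()] = m.group("value").strip()
    return modules


def find_oversized_urls(text: str, limit: int = MAX_SUBMODULE_URL) -> list:
    """Return [(submodule name, url length)] for URLs longer than limit."""
    return [
        (name, len(keys.get("url", "")))
        for name, keys in parse_gitmodules(text).items()
        if len(keys.get("url", "")) > limit
    ]


# Constructed sample: one ordinary submodule and one with a 1124-character URL.
SAMPLE_GITMODULES = (
    '[submodule "libfoo"]\n'
    "\tpath = vendor/libfoo\n"
    "\turl = https://example.com/libfoo.git\n"
    "# a comment line\n"
    '[submodule "evil"]\n'
    "\tpath = vendor/evil\n"
    "\turl = https://example.com/" + "a" * 1100 + ".git\n"
)


if __name__ == "__main__":
    for name, length in find_oversized_urls(SAMPLE_GITMODULES):
        print(f"submodule {name!r}: url is {length} chars, over the {MAX_SUBMODULE_URL} limit")
```

Run against a freshly cloned repository's .gitmodules (read the file and pass its text to find_oversized_urls) before any submodule operation; a non-empty result is a reason to stop and look rather than proceed.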

glibc
- CVE-2023-4911
<https://nvd.nist.gov/vuln/detail/CVE-2023-4911> CVSSv3
score: n/a
A buffer overflow was discovered in the GNU C
Library's dynamic loader ld.so while processing the
GLIBC_TUNABLES environment variable. This issue could allow a local
attacker to use maliciously crafted GLIBC_TUNABLES environment variables
when launching binaries with SUID permission to execute code with elevated
privileges.
- CVE-2023-4806
<https://nvd.nist.gov/vuln/detail/CVE-2023-4806> CVSSv3
score: n/a
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo
function may access memory that has been freed, resulting in an application
crash. This issue is only exploitable when an NSS module implements only the
_nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing
the _nss_*_gethostbyname3_r hook. The resolved name should return a large
number of IPv6 and IPv4 addresses, and the call to the getaddrinfo function
should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and
AI_V4MAPPED as flags.
- CVE-2023-4527
<https://nvd.nist.gov/vuln/detail/CVE-2023-4527> CVSSv3
score: n/a
A flaw was found in glibc. When the getaddrinfo
function is called with the AF_UNSPEC address family and the system is
configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP
larger than 2048 bytes can potentially disclose stack contents through the
function returned address data, and may cause a crash.

go
- CVE-2023-39325
<https://nvd.nist.gov/vuln/detail/CVE-2023-39325> CVSSv3
score: 7.5(High)
A malicious HTTP/2 client which rapidly creates
requests and immediately resets them can cause excessive server resource
consumption. While the total number of requests is bounded by the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress request
allows the attacker to create a new request while the existing one is still
executing. With the fix applied, HTTP/2 servers now bound the number of
simultaneously executing handler goroutines to the stream concurrency limit
(MaxConcurrentStreams). New requests arriving when at the limit (which can
only happen after the client has reset an existing, in-flight request) will
be queued until a handler exits. If the request queue grows too large, the
server will terminate the connection. This issue is also fixed in
golang.org/x/net/http2 for users manually configuring
HTTP/2. The default stream concurrency limit is 250 streams (requests) per
HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the
Server.MaxConcurrentStreams setting and the ConfigureServer function.

grub
- CVE-2023-4693
<https://nvd.nist.gov/vuln/detail/CVE-2023-4693> CVSSv3
score: 4.6(Medium)
An out-of-bounds read flaw was found in grub2's NTFS
filesystem driver. This issue may allow a physically present attacker who
presents a specially crafted NTFS file system image to read arbitrary memory
locations. A successful attack allows sensitive data cached in memory or
EFI variable values to be leaked, presenting a high confidentiality risk.
- CVE-2023-4692
<https://nvd.nist.gov/vuln/detail/CVE-2023-4692> CVSSv3
score: 7.8(High)
An out-of-bounds write flaw was found in grub2's NTFS
filesystem driver. This issue may allow an attacker to present a specially
crafted NTFS filesystem image, leading to grub's heap metadata corruption.
In some circumstances, the attack may also corrupt the UEFI firmware heap
metadata. As a result, arbitrary code execution and secure boot protection
bypass may be achieved.
- CVE-2022-3775
<https://nvd.nist.gov/vuln/detail/CVE-2022-3775> CVSSv3
score: 7.1(High)
When rendering certain Unicode sequences, grub2's font
code does not properly validate that the glyph's reported width and height
are constrained within the bitmap size. As a consequence, an attacker can craft
an input that leads to an out-of-bounds write into grub2's heap, causing
memory corruption and availability issues. Although complex, arbitrary
code execution cannot be ruled out.
- CVE-2022-28737
<https://nvd.nist.gov/vuln/detail/CVE-2022-28737> CVSSv3
score: 7.8(High)
There is a possible overflow in handle_image() when
shim tries to load and execute crafted EFI executables: the handle_image()
function takes into account the SizeOfRawData field from each section to be
loaded. An attacker can leverage this to perform out-of-bounds writes into
memory. Arbitrary code execution cannot be ruled out in such a scenario.
- CVE-2022-28736
<https://nvd.nist.gov/vuln/detail/CVE-2022-28736> CVSSv3
score: 7.8(High)
There is a use-after-free vulnerability in the
grub_cmd_chainloader() function. The chainloader command is used to boot
operating systems that do not support multiboot and have no direct
support in GRUB2. When chainloader is executed more than once, a
use-after-free is triggered. If an attacker can control
GRUB2's memory allocation pattern, sensitive data may be exposed and
arbitrary code execution may be achieved.
- CVE-2022-28735
<https://nvd.nist.gov/vuln/detail/CVE-2022-28735> CVSSv3
score: 7.8(High)
GRUB2's shim_lock verifier allows non-kernel files
to be loaded on shim-powered secure boot systems. Allowing such files to be
loaded may lead to unverified code and modules being loaded in GRUB2,
breaking the secure boot trust chain.
- CVE-2022-28734
<https://nvd.nist.gov/vuln/detail/CVE-2022-28734> CVSSv3
score: 7(High)
Out-of-bounds write when handling split HTTP headers:
when handling split HTTP headers, GRUB2's HTTP code accidentally moves its
internal data buffer pointer by one position. This can lead to an out-of-bounds
write later when parsing the HTTP request, writing a NULL byte past the
buffer. It is conceivable that an attacker-controlled set of packets can
lead to corruption of GRUB2's internal memory metadata.
- CVE-2022-28733
<https://nvd.nist.gov/vuln/detail/CVE-2022-28733> CVSSv3
score: n/a
Integer underflow in grub_net_recv_ip4_packets: a
maliciously crafted IP packet can lead to an integer underflow in the
grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain
circumstances the total_len value may wrap around to a small
integer, which is then used in a memory allocation. If the attack
succeeds in such a way, subsequent operations can write past the end of the
buffer.
- CVE-2022-2601
<https://nvd.nist.gov/vuln/detail/CVE-2022-2601> CVSSv3
score: 8.6(High)
A buffer overflow was found in
grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an
overflow when calculating the max_glyph_size value, so that a smaller-than-needed
buffer is allocated for the glyph; this in turn leads to a buffer overflow
and a heap-based out-of-bounds write. An attacker may use this
vulnerability to circumvent the secure boot mechanism.
- CVE-2021-3981
<https://nvd.nist.gov/vuln/detail/CVE-2021-3981> CVSSv3
score: 3.3(Low)
A flaw was found in grub2 where its configuration
file, known as grub.cfg, is created with the wrong permission set,
allowing non-privileged users to read its content. This represents a
low-severity confidentiality issue, as those users can eventually read any
encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and
previous versions. This issue has been fixed in grub upstream but no
version with the fix is currently released.
- CVE-2021-3697
<https://nvd.nist.gov/vuln/detail/CVE-2021-3697> CVSSv3
score: 7(High)
A crafted JPEG image may lead the JPEG reader to
underflow its data pointer, allowing user-controlled data to be written to
the heap. For the attack to succeed, the attacker needs to perform some
triage of the heap layout and craft an image with a malicious format and
payload. This vulnerability can lead to data corruption and eventual code
execution or secure boot circumvention. This flaw affects grub2 versions
prior to grub-2.12.
- CVE-2021-3696
<https://nvd.nist.gov/vuln/detail/CVE-2021-3696> CVSSv3
score: 4.5(Medium)
A heap out-of-bounds write may happen during the
handling of Huffman tables in the PNG reader. This may lead to data
corruption in the heap space. The confidentiality, integrity and availability
impact may be considered low, as it is very complex for an attacker to control
the encoding and positioning of corrupted Huffman entries to achieve
results such as arbitrary code execution and/or secure boot circumvention.
This flaw affects grub2 versions prior to grub-2.12.
- CVE-2021-3695
<https://nvd.nist.gov/vuln/detail/CVE-2021-3695> CVSSv3
score: 4.5(Medium)
A crafted 16-bit grayscale PNG image may lead to an
out-of-bounds write in the heap area. An attacker may take advantage of
that to cause heap data corruption or eventually arbitrary code execution
and circumvent secure boot protections. This issue is highly complex to
exploit, as an attacker needs to perform some triage of the heap
layout to achieve significant results; also, the values written into
memory are repeated three times in a row, making it difficult to produce valid
payloads. This flaw affects grub2 versions prior to grub-2.12.
- CVE-2021-20233
<https://nvd.nist.gov/vuln/detail/CVE-2021-20233> CVSSv3
score: 8.2(High)
A flaw was found in grub2 in versions prior to 2.06.
Setparam_prefix() in the menu rendering code performs a length calculation
on the assumption that expressing a quoted single quote will require 3
characters, while it actually requires 4 characters which allows an
attacker to corrupt memory by one byte for each quote in the input. The
highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.
- CVE-2021-20225
<https://nvd.nist.gov/vuln/detail/CVE-2021-20225> CVSSv3
score: 6.7(Medium)
A flaw was found in grub2 in versions prior to 2.06.
The option parser allows an attacker to write past the end of a
heap-allocated buffer by calling certain commands with a large number of
specific short forms of options. The highest threat from this vulnerability
is to data confidentiality and integrity as well as system availability.
- CVE-2020-27779
<https://nvd.nist.gov/vuln/detail/CVE-2020-27779> CVSSv3
score: 7.5(High)
A flaw was found in grub2 in versions prior to 2.06.
The cutmem command does not honor secure boot locking, allowing a
privileged attacker to remove address ranges from memory, creating an
opportunity to circumvent SecureBoot protections after proper triage of
grub's memory layout. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
- CVE-2020-27749
<https://nvd.nist.gov/vuln/detail/CVE-2020-27749> CVSSv3
score: 6.7(Medium)
A flaw was found in grub2 in versions prior to 2.06.
Variable names present are expanded in the supplied command line into their
corresponding variable contents, using a 1kB stack buffer for temporary
storage, without sufficient bounds checking. If the function is called with
a command line that references a variable with a sufficiently large
payload, it is possible to overflow the stack buffer, corrupt the stack
frame and control execution which could also circumvent Secure Boot
protections. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.
- CVE-2020-25647
<https://nvd.nist.gov/vuln/detail/CVE-2020-25647> CVSSv3
score: 7.6(High)
A flaw was found in grub2 in versions prior to 2.06.
During USB device initialization, descriptors are read with very little
bounds checking, and the code assumes the USB device is providing sane values. If
properly exploited, an attacker could trigger memory corruption leading to
arbitrary code execution allowing a bypass of the Secure Boot mechanism.
The highest threat from this vulnerability is to data confidentiality and
integrity as well as system availability.
- CVE-2020-25632
<https://nvd.nist.gov/vuln/detail/CVE-2020-25632> CVSSv3
score: 8.2(High)
A flaw was found in grub2 in versions prior to 2.06.
The rmmod implementation allows the unloading of a module used as a
dependency without checking if any other dependent module is still loaded
leading to a use-after-free scenario. This could allow arbitrary code to be
executed or a bypass of Secure Boot protections. The highest threat from
this vulnerability is to data confidentiality and integrity as well as
system availability.
- CVE-2020-14372
<https://nvd.nist.gov/vuln/detail/CVE-2020-14372> CVSSv3
score: 7.5(High)
A flaw was found in grub2 in versions prior to 2.06,
where it incorrectly enables the usage of the ACPI command when Secure Boot
is enabled. This flaw allows an attacker with privileged access to craft a
Secondary System Description Table (SSDT) containing code to overwrite the
Linux kernel lockdown variable content directly into memory. The table is
further loaded and executed by the kernel, defeating its Secure Boot
lockdown and allowing the attacker to load unsigned code. The highest
threat from this vulnerability is to data confidentiality and integrity, as
well as system availability.
- CVE-2020-10713
<https://nvd.nist.gov/vuln/detail/CVE-2020-10713> CVSSv3
score: 8.2(High)
A flaw was found in grub2, prior to version 2.06. An
attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification
process. This flaw also allows the bypass of Secure Boot protections. In
order to load an untrusted or modified kernel, an attacker would first need
to establish access to the system such as gaining physical access, obtain
the ability to alter a pxe-boot network, or have remote access to a
networked system with root access. With this access, an attacker could then
craft a string to cause a buffer overflow by injecting a malicious payload
that leads to arbitrary code execution within GRUB. The highest threat from
this vulnerability is to data confidentiality and integrity as well as
system availability.

intel-microcode
- CVE-2023-23908
<https://nvd.nist.gov/vuln/detail/CVE-2023-23908> CVSSv3
score: 4.4(Medium)
Improper access control in some 3rd Generation Intel®
Xeon® Scalable processors may allow a privileged user to potentially enable
information disclosure via local access.
- CVE-2022-41804
<https://nvd.nist.gov/vuln/detail/CVE-2022-41804> CVSSv3
score: 6.7(Medium)
Unauthorized error injection in Intel® SGX or Intel®
TDX for some Intel® Xeon® Processors may allow a privileged user to
potentially enable escalation of privilege via local access.
- CVE-2022-40982
<https://nvd.nist.gov/vuln/detail/CVE-2022-40982> CVSSv3
score: n/a
Information exposure through microarchitectural state
after transient execution in certain vector execution units for some Intel®
Processors may allow an authenticated user to potentially enable
information disclosure via local access.

libcap
- CVE-2023-2603
<https://nvd.nist.gov/vuln/detail/CVE-2023-2603> CVSSv3
score: 7.8(High)
A vulnerability was found in libcap. This issue occurs
in the _libcap_strdup() function and can lead to an integer overflow if the
input string is close to 4GiB.
- CVE-2023-2602
<https://nvd.nist.gov/vuln/detail/CVE-2023-2602> CVSSv3
score: 3.3(Low)
A vulnerability was found in the pthread_create()
function in libcap. This issue may allow a malicious actor to cause
__real_pthread_create() to return an error, which can exhaust the process
memory.

libmicrohttpd
- CVE-2023-27371
<https://nvd.nist.gov/vuln/detail/CVE-2023-27371> CVSSv3
score: n/a
GNU libmicrohttpd before 0.9.76 allows remote DoS
(Denial of Service) due to improper parsing of a multipart/form-data
boundary in the postprocessor.c MHD_create_post_processor() method. This
allows an attacker to remotely send a malicious HTTP POST packet that
includes one or more '\0' bytes in a multipart/form-data boundary field,
which - assuming a specific heap layout - will result in an out-of-bounds
read and a crash in the find_boundary() function.

lua
- CVE-2022-33099
<https://nvd.nist.gov/vuln/detail/CVE-2022-33099> CVSSv3
score: 7.5(High)
An issue in the component luaG_runerror of Lua v5.4.4
and below leads to a heap-buffer overflow when a recursive error occurs.

mit-krb5
- CVE-2023-36054
<https://nvd.nist.gov/vuln/detail/CVE-2023-36054> CVSSv3
score: 6.5(Medium)
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5)
before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A
remote authenticated user can trigger a kadmind crash. This occurs because
_xdr_kadm5_principal_ent_rec does not validate the relationship between
n_key_data and the key_data array count.

ncurses
- CVE-2023-29491
<https://nvd.nist.gov/vuln/detail/CVE-2023-29491> CVSSv3
score: 7.8(High)
ncurses before 6.4 20230408, when used by a setuid
application, allows local users to trigger security-relevant memory
corruption via malformed data in a terminfo database file that is found in
$HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

nvidia-drivers
- CVE-2023-25516
<https://nvd.nist.gov/vuln/detail/CVE-2023-25516> CVSSv3
score: n/a
NVIDIA GPU Display Driver for Linux contains a vulnerability
in the kernel mode layer, where an unprivileged user can cause an integer
overflow, which may lead to information disclosure and denial of service.
- CVE-2023-25515
<https://nvd.nist.gov/vuln/detail/CVE-2023-25515> CVSSv3
score: 7.6(High)
NVIDIA GPU Display Driver for Windows and Linux contains a
vulnerability where unexpected untrusted data is parsed, which may lead to
code execution, denial of service, escalation of privileges, data
tampering, or information disclosure.

openldap
- CVE-2023-2953
<https://nvd.nist.gov/vuln/detail/CVE-2023-2953> CVSSv3
score: 7.5(High)
A vulnerability was found in openldap. This security
flaw causes a null pointer dereference in ber_memalloc_x() function.

procps
- CVE-2023-4016
<https://nvd.nist.gov/vuln/detail/CVE-2023-4016> CVSSv3
score: 3.3(Low)
Under some circumstances, this weakness allows a user
who has access to run the “ps” utility on a machine to write
almost unlimited amounts of unfiltered data into the process heap.

protobuf
- CVE-2022-1941
<https://nvd.nist.gov/vuln/detail/CVE-2022-1941> CVSSv3
score: 7.5(High)
A parsing vulnerability for the MessageSet type in the
ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2,
3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and
including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for
protobuf-python can lead to out-of-memory failures. A specially crafted
message with multiple key-value pairs per element creates parsing issues and
can lead to a Denial of Service against services receiving unsanitized
input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6
for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python.
Versions for 3.16 and 3.17 are no longer updated.

qemu
- CVE-2023-2861
<https://nvd.nist.gov/vuln/detail/CVE-2023-2861> CVSSv3
score: 7.1(High)
A flaw was found in the 9p passthrough filesystem
(9pfs) implementation in QEMU. The 9pfs server did not prohibit opening
special files on the host side, potentially allowing a malicious client to
escape from the exported 9p tree by creating and opening a device file in
the shared folder.
- CVE-2023-0330
<https://nvd.nist.gov/vuln/detail/CVE-2023-0330> CVSSv3
score: 6(Medium)
A vulnerability in the lsi53c895a device affects the
latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory
corruption bugs like stack overflow or use-after-free.

samba
- CVE-2022-1615
<https://nvd.nist.gov/vuln/detail/CVE-2022-1615> CVSSv3
score: 5.5(Medium)
In Samba, GnuTLS gnutls_rnd() can fail and give
predictable random values.
- CVE-2021-44142
<https://nvd.nist.gov/vuln/detail/CVE-2021-44142> CVSSv3
score: 8.8(High)
The Samba vfs_fruit module uses extended file
attributes (EA, xattr) to provide "…enhanced compatibility with Apple SMB
clients and interoperability with a Netatalk 3 AFP fileserver." Samba
versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured
allow out-of-bounds heap read and write via specially crafted extended file
attributes. A remote attacker with write access to extended file attributes
can execute arbitrary code with the privileges of smbd, typically root.

shadow
- CVE-2023-29383
<https://nvd.nist.gov/vuln/detail/CVE-2023-29383> CVSSv3
score: 3.3(Low)
In Shadow 4.13, it is possible to inject control
characters into fields provided to the SUID program chfn (change finger).
Although it is not possible to exploit this directly (e.g., adding a new
user fails because \n is in the block list), it is possible to misrepresent
the /etc/passwd file when viewed. Use of \r manipulations and Unicode
characters to work around blocking of the : character make it possible to
give the impression that a new user has been added. In other words, an
adversary may be able to convince a system administrator to take the system
offline (an indirect, social-engineered denial of service) by demonstrating
that "cat /etc/passwd" shows a rogue user account.

sudo
- CVE-2023-28487
<https://nvd.nist.gov/vuln/detail/CVE-2023-28487> CVSSv3
score: 5.3(Medium)
Sudo before 1.9.13 does not escape control characters
in sudoreplay output.
- CVE-2023-28486
<https://nvd.nist.gov/vuln/detail/CVE-2023-28486> CVSSv3
score: 5.3(Medium)
Sudo before 1.9.13 does not escape control characters
in log messages.
- CVE-2023-27320
<https://nvd.nist.gov/vuln/detail/CVE-2023-27320> CVSSv3
score: 7.2(High)
Sudo before 1.9.13p2 has a double free in the
per-command chroot feature.

torcx
- CVE-2022-28948
<https://nvd.nist.gov/vuln/detail/CVE-2022-28948> CVSSv3
score: 7.5(High)
An issue in the Unmarshal function in Go-Yaml v3
causes the program to crash when attempting to deserialize invalid input.

vim
- CVE-2023-2610
<https://nvd.nist.gov/vuln/detail/CVE-2023-2610> CVSSv3
score: 7.8(High)
Integer Overflow or Wraparound in GitHub repository
vim/vim prior to 9.0.1532.
- CVE-2023-2609
<https://nvd.nist.gov/vuln/detail/CVE-2023-2609> CVSSv3
score: 5.5(Medium)
NULL Pointer Dereference in GitHub repository vim/vim
prior to 9.0.1531.
- CVE-2023-2426
<https://nvd.nist.gov/vuln/detail/CVE-2023-2426> CVSSv3
score: 5.5(Medium)
Use of Out-of-range Pointer Offset in GitHub
repository vim/vim prior to 9.0.1499.

Best,
The Flatcar Container Linux Maintainers
