Hello,
We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable channel.
Changes since Alpha 3717.0.0
Known issues:Changes since Beta 3602.1.5
Changes:Changes since Stable 3510.2.7
Security fixes:Security fix: With the Alpha 3732.0.0, Beta 3602.1.6, Stable 3510.2.8 releases we ship fixes for the CVEs listed below.
Alpha 3732.0.0Go
Linux
SDK: Python
nvidia-drivers
CVE-2023-25515 CVSSv3 score: 7.6(High)
NVIDIA GPU Display Driver
for Windows and Linux contains a vulnerability where unexpected
untrusted data is parsed, which may lead to code execution, denial of
service, escalation of privileges, data tampering, or information
disclosure.
CVE-2023-25516 CVSSv3 score: n/a
NVIDIA GPU Display Driver
for Linux contains a vulnerability in the kernel mode layer, where an
unprivileged user can cause an integer overflow, which may lead to
information disclosure and denial of service.
torcx
CVE-2023-20588 CVSSv3 score: 5.5(Medium)
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-3772 CVSSv3 score: 4.4(Medium)
A flaw was found in the
Linux kernel’s IP framework for transforming packets (XFRM subsystem).
This issue may allow a malicious user with CAP_NET_ADMIN privileges to
directly dereference a NULL pointer in xfrm_update_ae_params(), leading
to a possible kernel crash and denial of service.
CVE-2023-40283 CVSSv3 score: 7.8(High)
An issue was discovered in
l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel
before 6.4.10. There is a use-after-free because the children of an sk
are mishandled.
CVE-2023-4128 CVSSv3 score: n/a
A use-after-free flaw was
found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and
cls_route) in the Linux Kernel. This flaw allows a local attacker to
perform a local privilege escalation due to incorrect handling of the
existing filter, leading to a kernel information leak issue.
CVE-2023-4206 CVSSv3 score: n/a
A use-after-free
vulnerability in the Linux kernel's net/sched: cls_route component can
be exploited to achieve local privilege escalation. When route4_change()
is called on an existing filter, the whole tcf_result struct is always
copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always
called on the old instance in the success path, decreasing filter_cnt of
the still referenced class and allowing it to be deleted, leading to a
use-after-free.
We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
CVE-2023-4207 CVSSv3 score: n/a
A use-after-free
vulnerability in the Linux kernel's net/sched: cls_fw component can be
exploited to achieve local privilege escalation. When fw_change() is
called on an existing filter, the whole tcf_result struct is always
copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always
called on the old instance in the success path, decreasing filter_cnt of
the still referenced class and allowing it to be deleted, leading to a
use-after-free.
We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.
CVE-2023-4208 CVSSv3 score: n/a
A use-after-free
vulnerability in the Linux kernel's net/sched: cls_u32 component can be
exploited to achieve local privilege escalation. When u32_change() is
called on an existing filter, the whole tcf_result struct is always
copied into the new instance of the filter. This causes a problem when
updating a filter bound to a class, as tcf_unbind_filter() is always
called on the old instance in the success path, decreasing filter_cnt of
the still referenced class and allowing it to be deleted, leading to a
use-after-free.
We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
CVE-2023-4273 CVSSv3 score: 6.7(Medium)
A flaw was found in the
exFAT driver of the Linux kernel. The vulnerability exists in the
implementation of the file name reconstruction function, which is
responsible for reading file name entries from a directory index and
merging file name parts belonging to one file into a single long file
name. Since the file name characters are copied into a stack variable, a
local privileged attacker could use this flaw to overflow the kernel
stack.
CVE-2023-4569 CVSSv3 score: 5.5(Medium)
A memory leak flaw was found
in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux
Kernel. This issue may allow a local attacker to cause a
double-deactivations of catchall elements, which results in a memory
leak.