CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-26545 – kernel: mpls: double free on sysctl allocation failure
https://notcve.org/view.php?id=CVE-2023-26545
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230316-0009 https://access.redhat.com/security/cve/CVE-2023-26545 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 3CVE-2023-0045 – Incorrect indirect branch prediction barrier in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 • https://github.com/ASkyeye/CVE-2023-0045 https://github.com/es0j/CVE-2023-0045 https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230714-0001 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2023-23914 – curl: HSTS ignored on multiple requests
https://notcve.org/view.php?id=CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. • https://hackerone.com/reports/1813864 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://access.redhat.com/security/cve/CVE-2023-23914 https://bugzilla.redhat.com/show_bug.cgi?id=2167797 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-23915 – curl: HSTS amnesia with --parallel
https://notcve.org/view.php?id=CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. • https://hackerone.com/reports/1826048 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://access.redhat.com/security/cve/CVE-2023-23915 https://bugzilla.redhat.com/show_bug.cgi?id=2167813 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 1CVE-2023-23916 – curl: HTTP multi-header compression denial of service
https://notcve.org/view.php?id=CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. • https://hackerone.com/reports/1826048 https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://www.debian.org/security/2023/dsa-5365 https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 • CWE-770: Allocation of Resources Without Limits or Throttling •