CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados con cockpit-certificate-ensure. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.fedoraproject.org/archives/list/package-announce@lists. • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-0553 – Gnutls: incomplete fix for cve-2023-5981
https://notcve.org/view.php?id=CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Se encontró una vulnerabilidad en GnuTLS. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. Se encontró un fallo de omisión de autenticación en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuración que contiene el hash de contraseña para la función de protección de contraseña de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos "/boot/") puede omitir la función de protección con contraseña GRUB en los sistemas UEFI, que enumeran unidades extraíbles. antes que los no removibles. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://access.redhat.com/errata/RHSA-2024:0437 https://access.redhat.com/errata/RHSA-2024:0456 https://access.redhat.com/errata/RHSA-2024:0468 https://access.redhat.com/security/cve/CVE-2023-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2224951 https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-23301 – rear: creates a world-readable initrd
https://notcve.org/view.php?id=CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo sólo serían legibles por root. A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. • https://github.com/rear/rear/issues/3122 https://github.com/rear/rear/pull/3123 https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7 https://access.redhat.com/security/cve/CVE-2024-23301 https://bugzilla.redhat.com/show_bug.cgi?id=2258396 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2024-0443 – Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
https://notcve.org/view.php?id=CVE-2024-0443
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. Se encontró un fallo en la ruta de destrucción de blkgs en block/blk-cgroup.c en el kernel de Linux, lo que provocó un problema de pérdida de memoria de cgroup blkio. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/security/cve/CVE-2024-0443 https://bugzilla.redhat.com/show_bug.cgi?id=2257968 https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-668: Exposure of Resource to Wrong Sphere •