CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44466 – kernel: buffer overflow in ceph file net/ceph/messenger_v2.c
https://notcve.org/view.php?id=CVE-2023-44466
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. Se descubrió un problema en net/ceph/messenger_v2.c en el kernel de Linux anterior a 6.4.5. Hay un error de firma de enteros, lo que provoca un desbordamiento del búfer y la ejecución remota de código a través de HELLO o uno de los frames AUTH. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97 https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97 https://security.netapp.com/advisory/ntap-20231116-0003 https://www.spinics.net/lists/ceph-devel/msg57909.html https://access.redhat.com/security/cve/CVE-2023-44466 https://bugzilla.redhat.com/show_bug.cgi?id=2241342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. Se encontró una falla en el subsistema XFRM del kernel de Linux. La falla específica existe en el procesamiento de filtros de estado, lo que puede resultar en una lectura más allá del final de un búfer asignado. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. Se encontró una falla de validación de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validación adecuada de los punteros dinámicos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39192 – Kernel: netfilter: xtables out-of-bounds read in u32_match_it()
https://notcve.org/view.php?id=CVE-2023-39192
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El módulo xt_u32 no validó los campos en la estructura xt_u32. • https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39192 https://bugzilla.redhat.com/show_bug.cgi?id=2226784 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 2CVE-2023-42756 – Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap
https://notcve.org/view.php?id=CVE-2023-42756
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. Se encontró una falla en el subsistema Netfilter del kernel de Linux. Una condición de ejecución entre IPSET_CMD_ADD e IPSET_CMD_SWAP puede provocar un panic en el kernel debido a la invocación de `__ip_set_put` en un `set` incorrecto. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-42756 https://bugzilla.redhat.com/show_bug.cgi?id=2239848 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6 https://lists.fedoraproject.org/archives/list/package& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •