CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2CVE-2023-35788 – kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
https://notcve.org/view.php?id=CVE-2023-35788
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Se descubrió un problema en fl_set_geneve_opt en net/sched/cls_flower.c en el kernel de Linux antes de 6.3.7. Permite una escritura fuera de los límites en el código flower classifier a través de paquetes TCA_FLOWER_KEY_ENC_OPTS_GENEVE. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html http://www.openwall.com/lists/oss-security/2023/06/17/1 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7 https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230714-0002 https://www.debian& • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2023-1380
https://notcve.org/view.php?id=CVE-2023-1380
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2177883 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u https://security.netapp.com& • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617
https://notcve.org/view.php?id=CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento de revocación enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada después del protocolo de enlace TCP inicial o envía una cantidad excesiva de datos de la aplicación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 5CVE-2022-2588 – Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2588
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Se descubrió que la implementación del filtro cls_route en el kernel de Linux no eliminaba un filtro antiguo de la tabla hash antes de liberarlo si su identificador tenía el valor 0. A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/Markakd/CVE-2022-2588 https://github.com/veritas501/CVE-2022-2588 https://github.com/BassamGraini/CVE-2022-2588 https://github.com/PolymorphicOpcode/CVE-2022-2588 https://github.com/dom4570/CVE-2022-2588 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https:/&#x • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-2586 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-2586
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Se descubrió que un objeto o expresión nft podía hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla. A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/aels/CVE-2022-2586-LPE https://github.com/sniper404ghostxploit/CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https://ubuntu.com/security/notices/USN-5560-2 https://ubuntu.com/security/notices/USN-5562-1 https://ubuntu.com/security/notices&# • CWE-416: Use After Free •