CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled.
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1
https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htm
CWE-416: Use After Free
CVE-2023-32629
https://notcve.org/view.php?id=CVE-2023-32629
Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels.
https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation
https://github.com/xS9NTX/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC
https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629
https://github.com/kaotickj/Check-for-CVE-2023-32629-GameOver-lay
https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629
https://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.ht
CWE-863: Incorrect Authorization
CVE-2023-2640 – Canonical Ubuntu OverlayFS File System Missing Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2640
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of attributes. The issue results from missing authorization before allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation
https://github.com/xS9NTX/CVE-2023-32629-CVE-2023-2640-Ubuntu-Privilege-Escalation-POC
https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629
https://github.com/Nkipohcs/CVE-2023-2640-CVE-2023-32629
https://github.com/musorblyat/CVE-2023-2640-CVE-2023-32629
https://github.com/K5LK/CVE-2023-2640-32629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640
https://lists.ubuntu.com/archives/ker
CWE-863: Incorrect Authorization
CVE-2023-3567 – Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
https://notcve.org/view.php?id=CVE-2023-3567
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://access.redhat.com/errata/RHSA-2024:0412
https://access.redhat.com/errata/RHSA-2024:0431
https://access.redhat.com/errata/RHSA-2024:0432
https://access.redhat.com/errata/RHSA-2024:0439
https://access.redhat.com/errata/RHSA-2024:0448
https://access.redhat.com/errata/RHSA-2024:0575
https://
CWE-416: Use After Free
CVE-2023-31248 – Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-31248
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of nft_chains. The issue results from the lack of validating the status of a chain while processing lookup on the chain.
http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
http://www.openwall.com/lists/oss-security/2023/07/05/2
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or
CWE-416: Use After Free