CVE-2023-46813 – kernel: SEV-ES local priv escalation
https://notcve.org/view.php?id=CVE-2023-46813
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. Se descubrió un problema en el kernel de Linux anterior a 6.5.9, explotable por usuarios locales con acceso al espacio de usuario de los registros MMIO. La verificación de acceso incorrecta en el controlador #VC y la emulación de instrucciones de la emulación SEV-ES de accesos MMIO podrían provocar un acceso de escritura arbitrario a la memoria del kernel (y, por lo tanto, una escalada de privilegios). • https://bugzilla.suse.com/show_bug.cgi?id=1212649 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf https://lists.debian.org/debian-lts • CWE-269: Improper Privilege Management •
CVE-2023-5633 – Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
https://notcve.org/view.php?id=CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. Los cambios en el recuento de referencias realizados como parte de las correcciones CVE-2023-33951 y CVE-2023-33952 expusieron una falla de use-after-free en la forma en que se manejaban los objetos de memoria cuando se usaban para almacenar una superficie. Cuando se ejecuta dentro de un invitado de VMware con la aceleración 3D habilitada, un usuario local sin privilegios podría utilizar esta falla para aumentar sus privilegios. • https://access.redhat.com/errata/RHSA-2024:0113 https://access.redhat.com/errata/RHSA-2024:0134 https://access.redhat.com/errata/RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-5633 https://bugzilla.redhat.com/show_bug.cgi?id=2245663 • CWE-416: Use After Free •
CVE-2023-40791
https://notcve.org/view.php?id=CVE-2023-40791
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. extract_user_to_sg en lib/scatterlist.c en el kernel de Linux anterior a 6.4.12 no logra desanclar páginas en una situación determinada, como lo demuestra una ADVERTENCIA para try_grab_page. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f https://lkml.org/lkml/2023/8/3/323 https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk https://security.netapp.com/advisory/ntap-20231110-0009 •
CVE-2023-45898
https://notcve.org/view.php?id=CVE-2023-45898
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. El kernel de Linux anterior a 6.5.4 tiene un es1 use-after-free en fs/ext4/extents_status.c, relacionado con ext4_es_insert_extent. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4 https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec https://lkml.org/lkml/2023/8/13/477 https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a%40huawei.com/T https://www.spinics.net/lists/stable-commits/msg317086.html • CWE-416: Use After Free •
CVE-2023-45871 – kernel: IGB driver inadequate buffer size for frames larger than MTU
https://notcve.org/view.php?id=CVE-2023-45871
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. Se descubrió un problema en drivers/net/ethernet/intel/igb/igb_main.c en el controlador IGB en el kernel de Linux anterior a 6.5.3. Es posible que un tamaño de búfer no sea adecuado para tramas más grandes que la MTU. A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20231110-0001 https://access.redhat.com/security/cve/CVE-2023-45871 https://bugzilla.redhat.com/show_bug.cgi?id=2244723 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •