CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5345 – Use-after-free in Linux kernel's fs/smb/client component
https://notcve.org/view.php?id=CVE-2023-5345
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. Se puede explotar una vulnerabilidad de use-after-free en el componente fs/smb/client del kernel de Linux para lograr una escalada de privilegios local. En caso de un error en smb3_fs_context_parse_param, se liberó ctx->password pero el campo no se configuró en NULL, lo que podría provocar una doble liberación. Recomendamos actualizar al commit anterior e6e43b8aa7cd3c3af686caf0c2e11819a886d705. A flaw was found in the SMB client component in the Linux kernel. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705 https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6 https://lists.fedoraproject.org&#x • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39193 – Kernel: netfilter: xtables sctp out-of-bounds read in match_flags()
https://notcve.org/view.php?id=CVE-2023-39193
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El sctp_mt_check no validó el campo flag_count. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39193 https://bugzilla.redhat.com/show_bug.cgi?id=2226787 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. Se encontró una falla en el subsistema XFRM del kernel de Linux. La falla específica existe en el procesamiento de filtros de estado, lo que puede resultar en una lectura más allá del final de un búfer asignado. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. Se encontró una falla de validación de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validación adecuada de los punteros dinámicos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39192 – Kernel: netfilter: xtables out-of-bounds read in u32_match_it()
https://notcve.org/view.php?id=CVE-2023-39192
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El módulo xt_u32 no validó los campos en la estructura xt_u32. • https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39192 https://bugzilla.redhat.com/show_bug.cgi?id=2226784 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408 • CWE-125: Out-of-bounds Read •