CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39193 – Kernel: netfilter: xtables sctp out-of-bounds read in match_flags()
https://notcve.org/view.php?id=CVE-2023-39193
29 Sep 2023 — A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El sctp_mt_check no validó el campo flag_count. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39192 – Kernel: netfilter: xtables out-of-bounds read in u32_match_it()
https://notcve.org/view.php?id=CVE-2023-39192
29 Sep 2023 — A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El módulo xt_u32 no validó los campos en la estructura xt_u32. • https://access.redhat.com/errata/RHSA-2024:2950 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
29 Sep 2023 — A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. Se encontró una falla en el subsistema XFRM del kernel de Linux. La falla específica existe en el procesamiento de filtros de estado, lo que puede resultar en una lectura más all... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 2CVE-2023-42756 – Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap
https://notcve.org/view.php?id=CVE-2023-42756
28 Sep 2023 — A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. Se encontró una falla en el subsistema Netfilter del kernel de Linux. Una condición de ejecución entre IPSET_CMD_ADD e IPSET_CMD_SWAP puede provocar un panic en el kernel debido a la invocación de `__ip_set_put` en un `set` incorrecto. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4155 – Sev-es / sev-snp vmgexit double fetch vulnerability
https://notcve.org/view.php?id=CVE-2023-4155
06 Sep 2023 — A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). Se encontró una falla en KVM AMD S... • https://access.redhat.com/security/cve/CVE-2023-4155 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2023-20900 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-20900
31 Aug 2023 — A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Un actor malicioso al ... • http://www.openwall.com/lists/oss-security/2023/08/31/1 • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27418
https://notcve.org/view.php?id=CVE-2020-27418
22 Aug 2023 — A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. Una vulnerabilidad de use-after-free en el kernel de Fedora Linux 5.9.0-rc9 permite a los atacantes obtener información confidencial a través de la función vgacon_invert_region(). • http://fedora.com • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 1CVE-2023-4273 – Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
https://notcve.org/view.php?id=CVE-2023-4273
09 Aug 2023 — A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Se ha encontrado un fallo en el controlador exFAT del núcleo de Linu... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4194 – Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
https://notcve.org/view.php?id=CVE-2023-4194
07 Aug 2023 — A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that t... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-4147 – Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
https://notcve.org/view.php?id=CVE-2023-4147
07 Aug 2023 — A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning... • https://github.com/murdok1982/Exploit-en-Python-para-CVE-2023-4147 • CWE-416: Use After Free •