CVE-2023-3611 – Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-3611
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230908-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/C • CWE-787: Out-of-bounds Write •
CVE-2023-0160 – Possibility of deadlock in libbpf function sock_hash_delete_elem
https://notcve.org/view.php?id=CVE-2023-0160
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. • https://access.redhat.com/security/cve/CVE-2023-0160 https://bugzilla.redhat.com/show_bug.cgi?id=2159764 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56 https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com • CWE-667: Improper Locking CWE-833: Deadlock •
CVE-2023-38409 – kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment
https://notcve.org/view.php?id=CVE-2023-38409
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). A memory corruption flaw was found in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d https://access.redhat.com/security/cve/CVE-2023-38409 https://bugzilla.redhat.com/show_bug.cgi?id=2230042 • CWE-129: Improper Validation of Array Index CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-3106 – Kernel: netlink socket crash (null pointer deref) in netlink_dump function
https://notcve.org/view.php?id=CVE-2023-3106
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. • https://access.redhat.com/security/cve/CVE-2023-3106 https://bugzilla.redhat.com/show_bug.cgi?id=2221501 https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 • CWE-476: NULL Pointer Dereference •
CVE-2023-37454
https://notcve.org/view.php?id=CVE-2023-37454
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5 https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55 https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57 https://syzkaller.appspot.com/bug? • CWE-416: Use After Free •