CVE-2024-0553 – Gnutls: incomplete fix for cve-2023-5981
https://notcve.org/view.php?id=CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Se encontró una vulnerabilidad en GnuTLS. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. Se encontró un fallo de omisión de autenticación en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuración que contiene el hash de contraseña para la función de protección de contraseña de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos "/boot/") puede omitir la función de protección con contraseña GRUB en los sistemas UEFI, que enumeran unidades extraíbles. antes que los no removibles. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://access.redhat.com/errata/RHSA-2024:0437 https://access.redhat.com/errata/RHSA-2024:0456 https://access.redhat.com/errata/RHSA-2024:0468 https://access.redhat.com/security/cve/CVE-2023-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2224951 https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-23301 – rear: creates a world-readable initrd
https://notcve.org/view.php?id=CVE-2024-23301
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. Relax-and-Recover (a.k.a ReaR) hasta 2.7 crea un initrd world-readable cuando se usa GRUB_RESCUE=y. Esto permite a los atacantes locales obtener acceso a secretos del sistema que de otro modo sólo serían legibles por root. A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y results in the creation of an initrd that is readable by anyone. • https://github.com/rear/rear/issues/3122 https://github.com/rear/rear/pull/3123 https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7 https://access.redhat.com/security/cve/CVE-2024-23301 https://bugzilla.redhat.com/show_bug.cgi?id=2258396 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2024-0443 – Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
https://notcve.org/view.php?id=CVE-2024-0443
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. Se encontró un fallo en la ruta de destrucción de blkgs en block/blk-cgroup.c en el kernel de Linux, lo que provocó un problema de pérdida de memoria de cgroup blkio. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/security/cve/CVE-2024-0443 https://bugzilla.redhat.com/show_bug.cgi?id=2257968 https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. • https://access.redhat.com/errata/RHSA-2024:0137 https://access.redhat.com/errata/RHSA-2024:0138 https://access.redhat.com/errata/RHSA-2024:0139 https://access.redhat.com/errata/RHSA-2024:0140 https://access.redhat.com/errata/RHSA-2024:0141 https://access.redhat.com/errata/RHSA-2024:0142 https://access.redhat.com/errata/RHSA-2024:0143 https://access.redhat.com/errata/RHSA-2024:0144 https://access.redhat.com/errata/RHSA-2024:0145 https://access.redhat.com/errata/RHSA • CWE-352: Cross-Site Request Forgery (CSRF) •