CVE-2023-47233
https://notcve.org/view.php?id=CVE-2023-47233
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un código brcmf_cfg80211_detach use after free en el código de desconexión del dispositivo (desconectar el USB mediante conexión en caliente). Para los atacantes físicamente próximos con acceso local, esto "podría explotarse en un escenario del mundo real". • https://bugzilla.suse.com/show_bug.cgi?id=1216702 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com https://marc.info/?l=linux-kernel&m=169907678011243&w=2 • CWE-416: Use After Free •
CVE-2023-5178 – Kernel: use after free in nvmet_tcp_free_crypto in nvme
https://notcve.org/view.php?id=CVE-2023-5178
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. Se encontró una vulnerabilidad de use-after-free en drivers/nvme/target/tcp.c` en `nvmet_tcp_free_crypto` debido a un error lógico en el subsistema NVMe-oF/TCP en el kernel de Linux. Este problema puede permitir que un usuario malintencionado cause un problema de use-after-free y double-free, lo que puede permitir la ejecución remota de código o provocar una escalada de privilegios locales en caso de que el atacante ya tenga privilegios locales. • https://github.com/rockrid3r/CVE-2023-5178 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7548 https://access.redhat.com/errata/RHSA-2023:7549 https://access.redhat.com/errata/RHSA-2023:7551 https://access.redhat.com/errata/RHSA-2023:7554 https://access.redhat.com/errata/RHSA-2023:7557 https://access.redhat.com/errata/RHSA-2023 • CWE-416: Use After Free •
CVE-2023-46862 – kernel: NULL pointer dereference vulnerability in io_uring_show_fdinfo
https://notcve.org/view.php?id=CVE-2023-46862
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. Se descubrió un problema en el kernel de Linux hasta 6.5.9. Durante una ejecución con salida de hilo SQ, puede ocurrir una desreferencia del puntero NULL io_uring/fdinfo.c io_uring_show_fdinfo. A null pointer dereference flaw was found in the Linux kernel's io_uring functionality. • https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46 https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023-46862 https://bugzilla.redhat.com/show_bug.cgi?id=2246980 • CWE-476: NULL Pointer Dereference •
CVE-2023-46813 – kernel: SEV-ES local priv escalation
https://notcve.org/view.php?id=CVE-2023-46813
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. Se descubrió un problema en el kernel de Linux anterior a 6.5.9, explotable por usuarios locales con acceso al espacio de usuario de los registros MMIO. La verificación de acceso incorrecta en el controlador #VC y la emulación de instrucciones de la emulación SEV-ES de accesos MMIO podrían provocar un acceso de escritura arbitrario a la memoria del kernel (y, por lo tanto, una escalada de privilegios). • https://bugzilla.suse.com/show_bug.cgi?id=1212649 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf https://lists.debian.org/debian-lts • CWE-269: Improper Privilege Management •
CVE-2023-5717 – Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component
https://notcve.org/view.php?id=CVE-2023-5717
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. Se puede aprovechar una vulnerabilidad de escritura fuera de límites del montón en el componente Linux Kernel Performance Events (perf) del kernel de Linux para lograr una escalada de privilegios local. Si se llama a perf_read_group() mientras la lista de hermanos de un evento es más pequeña que la lista de hermanos de su hijo, puede incrementar o escribir en ubicaciones de memoria fuera del búfer asignado. Recomendamos actualizar después del commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. A flaw was found in the Linux kernel's Performance Events system component. • https://github.com/uthrasri/CVE-2023-5717 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023-5717 https://bugzilla.redhat.com/show_bug.cgi?id=2246945 • CWE-787: Out-of-bounds Write •