CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0CVE-2023-32820
https://notcve.org/view.php?id=CVE-2023-32820
In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. En wlan firmware, existe una posible afirmación del firmware debido a un manejo inadecuado de la entrada. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44466 – kernel: buffer overflow in ceph file net/ceph/messenger_v2.c
https://notcve.org/view.php?id=CVE-2023-44466
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. Se descubrió un problema en net/ceph/messenger_v2.c en el kernel de Linux anterior a 6.4.5. Hay un error de firma de enteros, lo que provoca un desbordamiento del búfer y la ejecución remota de código a través de HELLO o uno de los frames AUTH. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97 https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97 https://security.netapp.com/advisory/ntap-20231116-0003 https://www.spinics.net/lists/ceph-devel/msg57909.html https://access.redhat.com/security/cve/CVE-2023-44466 https://bugzilla.redhat.com/show_bug.cgi?id=2241342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. Se encontró una falla de validación de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validación adecuada de los punteros dinámicos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39192 – Kernel: netfilter: xtables out-of-bounds read in u32_match_it()
https://notcve.org/view.php?id=CVE-2023-39192
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El módulo xt_u32 no validó los campos en la estructura xt_u32. • https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39192 https://bugzilla.redhat.com/show_bug.cgi?id=2226784 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39193 – Kernel: netfilter: xtables sctp out-of-bounds read in match_flags()
https://notcve.org/view.php?id=CVE-2023-39193
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. Se encontró una falla en el subsistema Netfilter en el kernel de Linux. El sctp_mt_check no validó el campo flag_count. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39193 https://bugzilla.redhat.com/show_bug.cgi?id=2226787 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866 • CWE-125: Out-of-bounds Read •