CVE-2023-6817 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6817
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. Una vulnerabilidad de use after free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La función nft_pipapo_walk no omitió elementos inactivos durante el recorrido establecido, lo que podría provocar desactivaciones dobles de elementos PIPAPO (Políticas de paquetes de pila), lo que llevaría a un use-after-free. Recomendamos actualizar después del commit 317eb9685095678f2c9f5a8189de698c5354316a. A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nft_pipapo_walk function. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html http://www.openwall.com/lists/oss-security/2023/12/22/13 http://www.openwall.com/lists/oss-security/2023/12/22/6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://access.redhat.com/security/cve/CVE-2023 • CWE-416: Use After Free •
CVE-2023-50431
https://notcve.org/view.php?id=CVE-2023-50431
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. sec_attest_info en drivers/accel/habanalabs/common/habanalabs_ioctl.c en el kernel de Linux hasta 6.6.5 permite una fuga de información al espacio del usuario porque info->pad0 no está inicializado. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a9f07790a4b2250f0140e9a61c7f842fd9b618c7 https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html •
CVE-2023-6560 – Kernel: io_uring out of boundary memory access in __io_uaddr_map()
https://notcve.org/view.php?id=CVE-2023-6560
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. Se encontró una falla de acceso a memoria fuera de los límites en la funcionalidad de anillos io_uring SQ/CQ en el kernel de Linux. Este problema podría permitir que un usuario local bloquee el sistema. __io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region. • http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html https://access.redhat.com/security/cve/CVE-2023-6560 https://bugzilla.redhat.com/show_bug.cgi?id=2253249 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVE-2023-6622 – Kernel: null pointer dereference vulnerability in nft_dynset_init()
https://notcve.org/view.php?id=CVE-2023-6622
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en nft_dynset_init() en net/netfilter/nft_dynset.c en nf_tables en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios de usuario CAP_NET_ADMIN active una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6622 https://bugzilla.redhat.com/show_bug.cgi?id=2253632 https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAOVK2F3ALGKYIQ5IOMAYEC2DGI7BWAW https://lists.fedoraproject.org/archives/list/package-announce& • CWE-476: NULL Pointer Dereference •
CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •