CVE-2023-3338 – Crash due to a null pointer dereference in the dn_nsp_send function
https://notcve.org/view.php?id=CVE-2023-3338
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. • https://github.com/TurtleARM/CVE-2023-3338-DECPwn https://access.redhat.com/security/cve/CVE-2023-3338 https://bugzilla.redhat.com/show_bug.cgi?id=2218618 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://seclists.org/oss-sec/2023/q2/276 https://security.netapp.com/advisory/ntap-20230824-0005 https://www.debian.org/security/2023/dsa-5480 • CWE-476: NULL Pointer Dereference •
CVE-2023-1206 – kernel: hash collisions in the IPv6 connection lookup table
https://notcve.org/view.php?id=CVE-2023-1206
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0006 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1206 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-3390 – Use-after-free in Linux kernel's netfilter subsystem
https://notcve.org/view.php?id=CVE-2023-3390
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. Se encontró una vulnerabilidad de use-after-free en el subsistema netfilter del kernel de Linux en net/netfilter/nf_tables_api.c. El manejo de errores mal manejado con NFT_MSG_NEWRULE permite usar un puntero colgante en la misma transacción que causa una vulnerabilidad de use-after-free. Esta falla permite que un atacante local con acceso de usuario cause un problema de escalada de privilegios. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230818-0004 https://www.debian.org/security/2023/dsa-5448 https • CWE-416: Use After Free •
CVE-2023-3389 – Use after free in io_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-3389
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). Una vulnerabilidad de use-after-free en el subsistema de io_uring del kernel de Linux puede ser explotada para lograr la escalada de privilegios locales. Ejecutar una solicitud de io_uring cancelar sondeo con un tiempo de espera vinculado puede provocar una UAF en un hrtimer. Recomendamos actualizar al commit anterior ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 para 5.10 stable y 0e388fce7aec40992eadee654193cad345d62663 para 5.15 stable). • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59 https://kernel.dance/0e388fce7aec40992eade • CWE-416: Use After Free •
CVE-2023-3090 – Out-of-bounds write in Linux kernel's ipvlan network driver
https://notcve.org/view.php?id=CVE-2023-3090
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. Una vulnerabilidad de escritura fuera de los límites de la memoria en el controlador de red ipvlan del kernel de Linux se puede explotar para lograr la escalada de privilegios locales. La escritura fuera de los límites se debe a la falta de inicialización skb->cb en el controlador de red ipvlan. La vulnerabilidad es accesible si CONFIG_IPVLAN está habilitada. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security • CWE-787: Out-of-bounds Write •