CVE-2023-26544
https://notcve.org/view.php?id=CVE-2023-26544
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. • https://bugzilla.suse.com/show_bug.cgi?id=1208697 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=887bfc546097fbe8071dac13b2fef73b77920899 https://lkml.org/lkml/2023/2/20/128 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-416: Use After Free •
CVE-2023-26545 – kernel: mpls: double free on sysctl allocation failure
https://notcve.org/view.php?id=CVE-2023-26545
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230316-0009 https://access.redhat.com/security/cve/CVE-2023-26545 • CWE-415: Double Free •
CVE-2023-0045 – Incorrect indirect branch prediction barrier in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 • https://github.com/ASkyeye/CVE-2023-0045 https://github.com/es0j/CVE-2023-0045 https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230714-0001 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-23039
https://notcve.org/view.php?id=CVE-2023-23039
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). • https://lkml.org/lkml/2023/1/1/169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-26242
https://notcve.org/view.php?id=CVE-2023-26242
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. • https://bugzilla.suse.com/show_bug.cgi?id=1208518 https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com https://security.netapp.com/advisory/ntap-20230406-0002 • CWE-190: Integer Overflow or Wraparound •