CVE-2023-33951 – Kernel: vmwgfx: race condition leading to information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-33951
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4831 https://access.redhat.com/security/cve/CVE-2023-33951 https://bugzilla.redhat.com/show_bug.cgi?id=2218195 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2023-32258 – Session race condition remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-32258
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. Se encontró una falla en el ksmbd del kernel de Linux, un servidor SMB de alto rendimiento en el kernel. • https://access.redhat.com/security/cve/CVE-2023-32258 https://bugzilla.redhat.com/show_bug.cgi?id=2219809 https://security.netapp.com/advisory/ntap-20230915-0011 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2023-32252 – Session null pointer dereference denial-of-service vulnerability
https://notcve.org/view.php?id=CVE-2023-32252
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32252 https://bugzilla.redhat.com/show_bug.cgi?id=2219815 https://security.netapp.com/advisory/ntap-20231124-0001 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590 • CWE-476: NULL Pointer Dereference •
CVE-2023-32254 – Tree connection race condition remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-32254
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32254 https://bugzilla.redhat.com/show_bug.cgi?id=2191658 https://security.netapp.com/advisory/ntap-20230824-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-702 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-2860 – Out-of-bounds read when setting hmac data
https://notcve.org/view.php?id=CVE-2023-2860
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-2860 https://bugzilla.redhat.com/show_bug.cgi?id=2218122 https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511 • CWE-125: Out-of-bounds Read •