CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-3389 – Use after free in io_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-3389
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). Una vulnerabilidad de use-after-free en el subsistema de io_uring del kernel de Linux puede ser explotada para lograr la escalada de privilegios locales. Ejecutar una solicitud de io_uring cancelar sondeo con un tiempo de espera vinculado puede provocar una UAF en un hrtimer. Recomendamos actualizar al commit anterior ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 para 5.10 stable y 0e388fce7aec40992eadee654193cad345d62663 para 5.15 stable). • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59 https://kernel.dance/0e388fce7aec40992eade • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 2CVE-2023-3297
https://notcve.org/view.php?id=CVE-2023-3297
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. en Ubuntu AccountsService un atacante local no privilegiado puede desencadenar una vulnerabilidad de uso de memoria previamente liberada en accountsservice enviando mensajes D-Bus al accounts-daemon process. • https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice https://ubuntu.com/security/notices/USN-6190-1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2CVE-2023-35788 – kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
https://notcve.org/view.php?id=CVE-2023-35788
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Se descubrió un problema en fl_set_geneve_opt en net/sched/cls_flower.c en el kernel de Linux antes de 6.3.7. Permite una escritura fuera de los límites en el código flower classifier a través de paquetes TCA_FLOWER_KEY_ENC_OPTS_GENEVE. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html http://www.openwall.com/lists/oss-security/2023/06/17/1 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7 https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230714-0002 https://www.debian& • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1523
https://notcve.org/view.php?id=CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Utilizando la petición IOCTL de TIOCLINUX, un snap malicoso podría inyectar contenido en la entrada del terminal de control, lo que podría permitir que se ejecutaran comandos arbitrarios fuera del sandbox del snap después de que éste saliera. Los emuladores gráficos de terminal como xterm, gnome-terminal y otros no se ven afectados. Esto sólo puede ser explotado cuando los snaps se ejecutan en una consola virtual. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523 https://github.com/snapcore/snapd/pull/12849 https://marc.info/?l=oss-security&m=167879021709955&w=2 https://ubuntu.com/security/notices/USN-6125-1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2612 – shiftfs lock unbalance in Ubuntu-specific kernels
https://notcve.org/view.php?id=CVE-2023-2612
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e https://ubuntu.com/security/CVE-2023-2612 https://ubuntu.com/security/notices/USN-6122-1 https://ubuntu.com/security/notices/USN-6123-1 https://ubuntu.com/security/notices/USN-6124-1 https://ubuntu.com/security/notices/USN-6127-1 • CWE-667: Improper Locking •