CVE-2023-4133 – Kernel: cxgb4: use-after-free in ch_flower_stats_cb()
https://notcve.org/view.php?id=CVE-2023-4133
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-4133 https://bugzilla.redhat.com/show_bug.cgi?id=2221702 • CWE-416: Use After Free •
CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
https://notcve.org/view.php?id=CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la función nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podría permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5093 https:// • CWE-416: Use After Free •
CVE-2023-3863 – Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c
https://notcve.org/view.php?id=CVE-2023-3863
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. • https://access.redhat.com/security/cve/CVE-2023-3863 https://bugzilla.redhat.com/show_bug.cgi?id=2225126 https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240202-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 • CWE-416: Use After Free •
CVE-2023-3776 – Use-after-free in Linux kernel's net/sched: cls_fw component
https://notcve.org/view.php?id=CVE-2023-3776
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain local privilege escalation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.neta • CWE-416: Use After Free •
CVE-2023-3611 – Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-3611
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230908-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/C • CWE-787: Out-of-bounds Write •