CVE-2023-38431
https://notcve.org/view.php?id=CVE-2023-38431
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=368ba06881c395f1c9a7ba22203cf8d78b4addc0 https://security.netapp.com/advisory/ntap-20230824-0011 • CWE-125: Out-of-bounds Read •
CVE-2023-38429
https://notcve.org/view.php?id=CVE-2023-38429
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=443d61d1fa9faa60ef925513d83742902390100f • CWE-193: Off-by-one Error •
CVE-2023-38428
https://notcve.org/view.php?id=CVE-2023-38428
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f https://security.netapp.com/advisory/ntap-20230831-0001 • CWE-125: Out-of-bounds Read •
CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
https://notcve.org/view.php?id=CVE-2023-3269
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/28/1 http://www.openwall.com/lists/oss-security/2023/08/25/1 http://www.openwall.com/lists/oss-security/2023/08/25/4 https://access.redhat.com/security/cve/CVE-2023-3269 https://bugzilla.redhat.com/show_bug.cgi?id=2215268 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L https://security.netapp.com/advisory • CWE-416: Use After Free •
CVE-2023-37454
https://notcve.org/view.php?id=CVE-2023-37454
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f861765464f43a71462d52026fbddfc858239a5 https://lore.kernel.org/all/00000000000056e02f05dfb6e11a%40google.com/T https://syzkaller.appspot.com/bug?extid=26873a72980f8fa8bc55 https://syzkaller.appspot.com/bug?extid=60864ed35b1073540d57 https://syzkaller.appspot.com/bug? • CWE-416: Use After Free •