CVE-2023-1077
https://notcve.org/view.php?id=CVE-2023-1077
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230511-0002 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-1195 – kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
https://notcve.org/view.php?id=CVE-2023-1195
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. • https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621 https://access.redhat.com/security/cve/CVE-2023-1195 https://bugzilla.redhat.com/show_bug.cgi?id=2154171 • CWE-416: Use After Free •
CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org https://access.redhat.com/security/cve/CVE-2023-1513 • CWE-665: Improper Initialization •
CVE-2023-28772 – kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
https://notcve.org/view.php?id=CVE-2023-28772
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. A buffer overflow write flaw was identified in seq_buf_putmem_hex in lib/seq_buf.c in seq_buf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home https://security.netapp.com/advisory/ntap-20230427-0005 https://access.redhat.com/security/cve/CVE-2023-28772 https://bugzilla.redhat.com/show_bug.cgi?id=2181330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-1281 – UAF in Linux kernel's tcindex (traffic control index filter) implementation
https://notcve.org/view.php?id=CVE-2023-1281
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. • http://www.openwall.com/lists/oss-security/2023/04/11/3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2 https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230427-0004 https://access.redhat.com/security/cve/CVE-2023-1281 https://bugzilla.r • CWE-416: Use After Free •