CVE-2024-0443 – Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
https://notcve.org/view.php?id=CVE-2024-0443
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error. Se encontró un fallo en la ruta de destrucción de blkgs en block/blk-cgroup.c en el kernel de Linux, lo que provocó un problema de pérdida de memoria de cgroup blkio. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/security/cve/CVE-2024-0443 https://bugzilla.redhat.com/show_bug.cgi?id=2257968 https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2024-0340 – Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2024-0340
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. Se encontró una vulnerabilidad en vhost_new_msg en drivers/vhost/vhost.c en el kernel de Linux, que no inicializa correctamente la memoria en los mensajes pasados entre los invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Este problema puede permitir a los usuarios locales privilegiados leer algunos contenidos de la memoria del kernel cuando leen desde el archivo del dispositivo /dev/vhost-net. • https://access.redhat.com/errata/RHSA-2024:3618 https://access.redhat.com/errata/RHSA-2024:3627 https://access.redhat.com/security/cve/CVE-2024-0340 https://bugzilla.redhat.com/show_bug.cgi?id=2257406 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-7192 – Kernel: refcount leak in ctnetlink_create_conntrack()
https://notcve.org/view.php?id=CVE-2023-7192
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. Se encontró un problema de pérdida de memoria en ctnetlink_create_conntrack en net/netfilter/nf_conntrack_netlink.c en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios CAP_NET_ADMIN provoque un ataque de denegación de servicio (DoS) debido a un desbordamiento de recuento. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:2006 https://access.redhat.com/errata/RHSA • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-6531 – Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
https://notcve.org/view.php?id=CVE-2023-6531
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Se encontró una falla de use-after-free en el kernel de Linux debido a un problema de ejecución en la eliminación de ejecución de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB está en cola. Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-6531 https://bugzilla.redhat.com/show_bug.cgi?id=2253034 https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-51781
https://notcve.org/view.php?id=CVE-2023-51781
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condición de ejecución atalk_recvmsg. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-416: Use After Free •