CVE-2023-4206 – Use-after-free in Linux kernel's net/sched: cls_route component
https://notcve.org/view.php?id=CVE-2023-4206
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
• https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8
• https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
• https://www.debian.org/security/2023/dsa-5492
• https://access.redhat.com/security/cve/CVE-2023-4206
• https://bugzilla.redhat.com/show_bug.cgi?id=2225511
• CWE-416: Use After Free
CVE-2023-20850
https://notcve.org/view.php?id=CVE-2023-20850
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
• https://corp.mediatek.com/product-security-bulletin/September-2023
• CWE-787: Out-of-bounds Write
CVE-2023-20849
https://notcve.org/view.php?id=CVE-2023-20849
In imgsys_cmdq, there is a possible use after free due to a missing valid range check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
• https://corp.mediatek.com/product-security-bulletin/September-2023
• CWE-416: Use After Free
CVE-2023-20848
https://notcve.org/view.php?id=CVE-2023-20848
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
• https://corp.mediatek.com/product-security-bulletin/September-2023
• CWE-125: Out-of-bounds Read
CVE-2023-20847
https://notcve.org/view.php?id=CVE-2023-20847
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range check. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.
• https://corp.mediatek.com/product-security-bulletin/September-2023
• CWE-125: Out-of-bounds Read