CVE-2023-2163 – Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. La poda incorrecta del verificador en BPF en el kernel de Linux >=5.4 conduce a que las rutas de código inseguras se marquen incorrectamente como seguras, lo que resulta en lectura/escritura arbitraria en la memoria del kernel, escalada de privilegios lateral y escape de contenedor. An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed https://access.redhat.com/security/cve/CVE-2023-2163 https://bugzilla.redhat.com/show_bug.cgi?id=2240249 • CWE-682: Incorrect Calculation •
CVE-2023-4394 – Memory leak in btrfs_get_dev_args_from_path()
https://notcve.org/view.php?id=CVE-2023-4394
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information • https://access.redhat.com/security/cve/CVE-2023-4394 https://bugzilla.redhat.com/show_bug.cgi?id=2219263 https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htm • CWE-416: Use After Free •
CVE-2023-4273 – Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
https://notcve.org/view.php?id=CVE-2023-4273
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Se ha encontrado un fallo en el controlador exFAT del núcleo de Linux. La vulnerabilidad se encuentra en la implementación de la función de reconstrucción de nombres de archivo, que se encarga de leer entradas de nombres de archivo de un índice de directorio y fusionar partes de nombres de archivo pertenecientes a un archivo en un único nombre de archivo largo. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/security/cve/CVE-2023-4273 https://bugzilla.redhat.com/show_bug.cgi?id=2221609 https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-4194 – Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
https://notcve.org/view.php?id=CVE-2023-4194
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Se ha encontrado un fallo en la funcionalidad TUN/TAP del kernel de Linux. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/security/cve/CVE-2023-4194 https://bugzilla.redhat.com/show_bug.cgi?id=2229498 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q https://lore.kernel.org/all/20230731164237.48365-1 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-863: Incorrect Authorization •