CVE-2023-1326 – local privilege escalation in apport-cli
https://notcve.org/view.php?id=CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. • https://github.com/diego-tella/CVE-2023-1326-PoC https://github.com/cve-2024/CVE-2023-1326-PoC https://github.com/Pol-Ruiz/CVE-2023-1326 https://github.com/N3rdyN3xus/CVE-2023-1326 https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb https://ubuntu.com/security/notices/USN-6018-1 • CWE-269: Improper Privilege Management •
CVE-2023-1032
https://notcve.org/view.php?id=CVE-2023-1032
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 https://ubuntu.com/security/notices/USN-5977-1 https://ubuntu.com/security/notices/USN-6024-1 https://ubuntu.com/security/notices/USN-6033-1 https://www.openwall.com/lists/oss-security/2023/03/13/2 • CWE-415: Double Free •
CVE-2023-1380
https://notcve.org/view.php?id=CVE-2023-1380
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2177883 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u https://security.netapp.com& • CWE-125: Out-of-bounds Read •
CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC https://github.com/H4K6/CVE-2023-0179-PoC http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2161713 https://seclists.org/oss-sec/2023/q1/20 https://security.netapp.com/advisory/ntap-20230511-0003 https://access.redhat.com/security/cve/CVE-2023-0179 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-3328 – snap-confine must_mkdir_and_open_with_perms() Race Condition
https://notcve.org/view.php?id=CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms(). • https://github.com/Mr-xn/CVE-2022-3328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 https://ubuntu.com/security/notices/USN-5753-1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •