CVE-2024-0564 – Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication
https://notcve.org/view.php?id=CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page. • https://access.redhat.com/security/cve/CVE-2024-0564 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513 https://bugzilla.redhat.com/show_bug.cgi?id=2258514 https://link.springer.com/conference/wisa https://wisa.or.kr/accepted • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-203: Observable Discrepancy •
CVE-2024-21803 – Possible UAF in bt_accept_poll in Linux kernel
https://notcve.org/view.php?id=CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (módulos bluetooth) permite la ejecución local de código. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1. • https://bugzilla.openanolis.cn/show_bug.cgi?id=8081 • CWE-416: Use After Free •
CVE-2023-46838 – Linux: netback processing of zero-length transmit fragment
https://notcve.org/view.php?id=CVE-2023-46838
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. Las solicitudes de transmisión en el protocolo de red virtual de Xen pueden constar de varias partes. • https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP https://xenbits.xenproject.org/xsa/advisory-448.html • CWE-476: NULL Pointer Dereference •
CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-23307 – Integer overflow in raid5_cache_count in Linux kernel
https://notcve.org/view.php?id=CVE-2024-23307
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. Desbordamiento de enteros o vulnerabilidad Wraparound en el kernel de Linux en Linux, x86, ARM (módulos md, raid, raid5) permite el desbordamiento de enteros forzado. • https://bugzilla.openanolis.cn/show_bug.cgi?id=7975 https://access.redhat.com/security/cve/CVE-2024-23307 https://bugzilla.redhat.com/show_bug.cgi?id=2267705 • CWE-190: Integer Overflow or Wraparound •