CVE-2023-3390 – Use-after-free in Linux kernel's netfilter subsystem
https://notcve.org/view.php?id=CVE-2023-3390
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. Se encontró una vulnerabilidad de use-after-free en el subsistema netfilter del kernel de Linux en net/netfilter/nf_tables_api.c. El manejo de errores mal manejado con NFT_MSG_NEWRULE permite usar un puntero colgante en la misma transacción que causa una vulnerabilidad de use-after-free. Esta falla permite que un atacante local con acceso de usuario cause un problema de escalada de privilegios. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97 https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230818-0004 https://www.debian.org/security/2023/dsa-5448 https • CWE-416: Use After Free •
CVE-2023-3389 – Use after free in io_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-3389
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). Una vulnerabilidad de use-after-free en el subsistema de io_uring del kernel de Linux puede ser explotada para lograr la escalada de privilegios locales. Ejecutar una solicitud de io_uring cancelar sondeo con un tiempo de espera vinculado puede provocar una UAF en un hrtimer. Recomendamos actualizar al commit anterior ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 para 5.10 stable y 0e388fce7aec40992eadee654193cad345d62663 para 5.15 stable). • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59 https://kernel.dance/0e388fce7aec40992eade • CWE-416: Use After Free •
CVE-2023-3090 – Out-of-bounds write in Linux kernel's ipvlan network driver
https://notcve.org/view.php?id=CVE-2023-3090
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. Una vulnerabilidad de escritura fuera de los límites de la memoria en el controlador de red ipvlan del kernel de Linux se puede explotar para lograr la escalada de privilegios locales. La escritura fuera de los límites se debe a la falta de inicialización skb->cb en el controlador de red ipvlan. La vulnerabilidad es accesible si CONFIG_IPVLAN está habilitada. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security • CWE-787: Out-of-bounds Write •
CVE-2023-1295 – Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-1295
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93 https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2 https://security.netapp.com/advisory/ntap-20230731-0006 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-3358 – kernel: NULL pointer dereference due to missing kalloc() return value check in shtp_cl_get_dma_send_buf()
https://notcve.org/view.php?id=CVE-2023-3358
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8 https://access.redhat.com/security/cve/CVE-2023-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2169343 • CWE-476: NULL Pointer Dereference •