CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6111 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-6111
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. Una vulnerabilidad de use-after-free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La función nft_trans_gc_catchall no eliminó el elemento del conjunto general de catchall_list cuando el argumento sync es verdadero, lo que hace posible liberar un elemento del conjunto general muchas veces. Recomendamos actualizar más allá del commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OXWBKK7RTQOGGDLQGCZFS753VLGS2GD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S55P23EYAWDHXZPJEVTGIRZZRICYI3Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IG6IF3FUY7LVZJMFRPANAU4L4PSJ3ESQ https://li • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34324 – Possible deadlock in Linux kernel event handling
https://notcve.org/view.php?id=CVE-2023-34324
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock). El cierre de un canal de eventos en el kernel de Linux puede provocar un punto muerto. Esto sucede cuando el cierre se realiza en paralelo a una acción de la consola Xen no relacionada y al manejo de una interrupción de la consola Xen en un invitado sin privilegios. El cierre de un canal de eventos se desencadena, por ejemplo, al retirar un dispositivo paravirtual del otro lado. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://xenbits.xenproject.org/xsa/advisory-441.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6039 – Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect
https://notcve.org/view.php?id=CVE-2023-6039
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Se encontró una falla de use-after-free en lan78xx_disconnect en drivers/net/usb/lan78xx.c en el subcomponente de red, net/usb/lan78xx en el kernel de Linux. Esta falla permite que un atacante local bloquee el sistema cuando el dispositivo USB LAN78XX se desconecta. • https://access.redhat.com/security/cve/CVE-2023-6039 https://bugzilla.redhat.com/show_bug.cgi?id=2248755 https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5090 – Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
https://notcve.org/view.php?id=CVE-2023-5090
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Se encontró una falla en KVM. Una verificación incorrecta en svm_set_x2apic_msr_interception() puede permitir el acceso directo al host x2apic msrs cuando el invitado restablece su apic, lo que podría provocar una condición de denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3855 https://access.redhat.com/errata/RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4352 https://access.redhat.com/security/cve/CVE-2023-5090 https://bugzilla.redhat.com/show_bug.cgi?id=2248122 https://access.redhat.com/errata/RHSA-2024:2758 • CWE-755: Improper Handling of Exceptional Conditions •