CVE-2023-52355 – Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom
https://notcve.org/view.php?id=CVE-2023-52355
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Se encontró un fallo de falta de memoria en libtiff que podría activarse al pasar un archivo tiff diseñado a la API TIFFRasterScanlineSize64(). Este fallo permite que un atacante remoto provoque una denegación de servicio a través de una entrada manipulada con un tamaño inferior a 379 KB. • https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://gitlab.com/libtiff/libtiff/-/issues/621 • CWE-787: Out-of-bounds Write •
CVE-2023-40547 – Shim: rce in http boot support may lead to secure boot bypass
https://notcve.org/view.php?id=CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. Se encontró una vulnerabilidad de ejecución remota de código en Shim. • http://www.openwall.com/lists/oss-security/2024/01/26/1 https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com& • CWE-346: Origin Validation Error CWE-787: Out-of-bounds Write •
CVE-2024-0775 – Kernel: use-after-free while changing the mount option in __ext4_remount leading
https://notcve.org/view.php?id=CVE-2024-0775
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. Se encontró una falla de use-after-free en __ext4_remount en fs/ext4/super.c en ext4 en el kernel de Linux. Esta falla permite que un usuario local cause un problema de fuga de información mientras libera los nombres de archivos de cuota antiguos antes de una posible falla, lo que lleva a un use-after-free. • https://access.redhat.com/security/cve/CVE-2024-0775 https://bugzilla.redhat.com/show_bug.cgi?id=2259414 https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162 • CWE-416: Use After Free •
CVE-2024-0607 – Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
https://notcve.org/view.php?id=CVE-2024-0607
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality. • https://access.redhat.com/security/cve/CVE-2024-0607 https://bugzilla.redhat.com/show_bug.cgi?id=2258635 https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html • CWE-229: Improper Handling of Values •
CVE-2024-0646 – Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
https://notcve.org/view.php?id=CVE-2024-0646
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se encontró un fallo de escritura de memoria fuera de los límites en la funcionalidad Transport Layer Security del kernel de Linux en la forma en que un usuario llama a una función splice con un socket ktls como destino. este fallo permite que un usuario local falle o potencialmente aumente sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0850 https://access.redhat.com/errata/RHSA-2024:0851 https://access.redhat.com/errata/RHSA-2024:0876 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA • CWE-787: Out-of-bounds Write •