CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39194 – Kernel: xfrm: out-of-bounds read in __xfrm_state_filter_match()
https://notcve.org/view.php?id=CVE-2023-39194
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. Se encontró una falla en el subsistema XFRM del kernel de Linux. La falla específica existe en el procesamiento de filtros de estado, lo que puede resultar en una lectura más allá del final de un búfer asignado. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39194 https://bugzilla.redhat.com/show_bug.cgi?id=2226788 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. Se encontró una falla de validación de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validación adecuada de los punteros dinámicos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 2CVE-2023-42756 – Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap
https://notcve.org/view.php?id=CVE-2023-42756
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. Se encontró una falla en el subsistema Netfilter del kernel de Linux. Una condición de ejecución entre IPSET_CMD_ADD e IPSET_CMD_SWAP puede provocar un panic en el kernel debido a la invocación de `__ip_set_put` en un `set` incorrecto. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-42756 https://bugzilla.redhat.com/show_bug.cgi?id=2239848 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6 https://lists.fedoraproject.org/archives/list/package& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-42753 – Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
https://notcve.org/view.php?id=CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una vulnerabilidad de indexación de matrices en el subsistema netfilter del kernel de Linux. Una macro faltante podría provocar un error de cálculo del desplazamiento de la matriz `h->nets`, proporcionando a los atacantes la primitiva de incrementar/disminuir arbitrariamente un búfer de memoria fuera de límites. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7558 h • CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4155 – Sev-es / sev-snp vmgexit double fetch vulnerability
https://notcve.org/view.php?id=CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). Se encontró una falla en KVM AMD Secure Encrypted Virtualization (SEV) en el kernel de Linux. Un invitado KVM que utilice SEV-ES o SEV-SNP con múltiples vCPU puede desencadenar una vulnerabilidad de condición de ejecución de recuperación doble e invocar el controlador "VMGEXIT" de forma recursiva. • https://access.redhat.com/security/cve/CVE-2023-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2213802 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •