CVE-2023-5178 – Kernel: use after free in nvmet_tcp_free_crypto in nvme
https://notcve.org/view.php?id=CVE-2023-5178
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. Se encontró una vulnerabilidad de use-after-free en drivers/nvme/target/tcp.c` en `nvmet_tcp_free_crypto` debido a un error lógico en el subsistema NVMe-oF/TCP en el kernel de Linux. Este problema puede permitir que un usuario malintencionado cause un problema de use-after-free y double-free, lo que puede permitir la ejecución remota de código o provocar una escalada de privilegios locales en caso de que el atacante ya tenga privilegios locales. • https://github.com/rockrid3r/CVE-2023-5178 https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7548 https://access.redhat.com/errata/RHSA-2023:7549 https://access.redhat.com/errata/RHSA-2023:7551 https://access.redhat.com/errata/RHSA-2023:7554 https://access.redhat.com/errata/RHSA-2023:7557 https://access.redhat.com/errata/RHSA-2023 • CWE-416: Use After Free •
CVE-2023-38426
https://notcve.org/view.php?id=CVE-2023-38426
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. Se descubrió un problema en el kernel de Linux antes de 6.3.4. KSMBD tiene una lectura fuera de los límites en smb2_find_context_vals cuando el name_len de create_context es mayor que la longitud de la etiqueta. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=02f76c401d17e409ed45bf7887148fcc22c93c85 https://security.netapp.com/advisory/ntap-20230915-0010 • CWE-125: Out-of-bounds Read •
CVE-2023-38431
https://notcve.org/view.php?id=CVE-2023-38431
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=368ba06881c395f1c9a7ba22203cf8d78b4addc0 https://security.netapp.com/advisory/ntap-20230824-0011 • CWE-125: Out-of-bounds Read •
CVE-2023-38428
https://notcve.org/view.php?id=CVE-2023-38428
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f https://security.netapp.com/advisory/ntap-20230831-0001 • CWE-125: Out-of-bounds Read •
CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-2007
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DPT I2O Controller driver. • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0011 https://www.debian.org/security/2023/dsa-5480 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •