[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256: kernel: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Peng Zhang |
Bug Description
CVE-2023-32233: https:/
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-31436: https:/
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-2513: https:/
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-1859: https:/
A use-after-free flaw was found in xen_9pfs_
CVE-2023-2156: https:/
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
CVE-2023-34256: https:/
DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_
Base Score: High
References:
linux_5.10.180
CVE References
tags: | added: stx.9.0 stx.security |
summary: |
- [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-31436/CVE-2023-1859: + [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859: kernel: multiple CVEs |
Changed in starlingx: | |
assignee: | nobody → Peng Zhang (pzhang2) |
status: | Triaged → In Progress |
summary: |
- [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859: + [Debian] + CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156: kernel: multiple CVEs |
description: | updated |
summary: |
[Debian] - CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156: + CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256: kernel: multiple CVEs |
Fix proposed to branch: master /review. opendev. org/c/starlingx /kernel/ +/885755
Review: https:/