[Debian] High CVE: CVE-2023-3090/CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124/CVE-2023-3609: kernel: multiple CVEs

Bug #2025123 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Peng Zhang

Bug Description

CVE-2023-3609: https://nvd.nist.gov/vuln/detail/CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.

CVE-2023-3090: https://nvd.nist.gov/vuln/detail/CVE-2023-3090

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.

The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.

We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

CVE-2023-3212: https://nvd.nist.gov/vuln/detail/CVE-2023-3212

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.

CVE-2023-35788: https://nvd.nist.gov/vuln/detail/CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

CVE-2023-3141: https://nvd.nist.gov/vuln/detail/CVE-2023-3141

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

CVE-2023-3111: https://nvd.nist.gov/vuln/detail/CVE-2023-3111

A use-after-free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

CVE-2023-2124: https://nvd.nist.gov/vuln/detail/CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2023-3338: https://nvd.nist.gov/vuln/detail/CVE-2023-3338

A NULL pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system.

Base Score: High

References:

Upgrade Yocto linux_5.10.185
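
A triage sketch for the eight CVEs listed above, added here as an example and not taken from StarlingX or the bug report: given the upstream version of an installed 5.10 kernel and its .config text, it reports which of the affected components are built. The CVE-to-symbol mapping (apart from CONFIG_IPVLAN, which the description names), the function names and the sample config are assumptions of this example.

```python
import re

# Kconfig symbol for the component each CVE description names. Only
# CONFIG_IPVLAN appears on the page; the other symbols are this example's mapping.
CVE_COMPONENT = {
    "CVE-2023-3609": "CONFIG_NET_CLS_U32",
    "CVE-2023-3090": "CONFIG_IPVLAN",
    "CVE-2023-3212": "CONFIG_GFS2_FS",
    "CVE-2023-35788": "CONFIG_NET_CLS_FLOWER",
    "CVE-2023-3141": "CONFIG_MEMSTICK_R592",
    "CVE-2023-3111": "CONFIG_BTRFS_FS",
    "CVE-2023-2124": "CONFIG_XFS_FS",
    "CVE-2023-3338": "CONFIG_DECNET",
}
FIXED = (5, 10, 185)  # version the bug names as the upgrade target

# Constructed sample .config fragment, not taken from a StarlingX build.
SAMPLE_CONFIG = """\
CONFIG_NET_CLS_U32=m
CONFIG_IPVLAN=m
# CONFIG_DECNET is not set
CONFIG_BTRFS_FS=m
CONFIG_XFS_FS=y
"""

def parse_version(text):
    """Return (major, minor, sublevel) from an upstream version like 5.10.180."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def enabled_symbols(config_text):
    """Map each CONFIG_* symbol set to y or m in a kernel .config to its value."""
    return dict(re.findall(r"^(CONFIG_\w+)=([ym])\s*$", config_text, re.MULTILINE))

def triage(version, config_text):
    """Return [(cve, symbol, y|m)] still exposed, [] if fixed, None if unknown."""
    ver = parse_version(version)
    if ver[:2] != FIXED[:2]:
        return None  # the page gives a fixed version for the 5.10 series only
    if ver >= FIXED:
        return []
    cfg = enabled_symbols(config_text)
    return [(c, s, cfg[s]) for c, s in CVE_COMPONENT.items() if s in cfg]

if __name__ == "__main__":
    for cve, symbol, mode in triage("5.10.180", SAMPLE_CONFIG):
        print(f"{cve}: {symbol}={mode}")
```

Pass the upstream stable version of the installed kernel package rather than `uname -r`, because a distribution's release string can be an ABI name that omits the stable sublevel. In the result, `y` means the component is built in and `m` means it is built as a loadable module.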

Yue Tao (wrytao)
tags: added: stx.9.0
tags: added: stx.security
Yue Tao (wrytao)
summary: [Debian] High CVE:
- CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-2124: kernel:
- multiple CVEs
+ CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
+ kernel: multiple CVEs
description: updated
Yue Tao (wrytao)
summary: [Debian] High CVE:
- CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
+ CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
kernel: multiple CVEs
summary: [Debian] High CVE:
- CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
+ CVE-2023-3090/CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
kernel: multiple CVEs
description: updated
Yue Tao (wrytao)
summary: [Debian] High CVE:
- CVE-2023-3090/CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124:
+ CVE-2023-3090/CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124/CVE-2023-3609:
kernel: multiple CVEs
description: updated
Peng Zhang (pzhang2)
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/890277
Committed: https://opendev.org/starlingx/kernel/commit/481ad14aa4bdb9e29aa8e2921f45d180c72b5cc3
Submitter: "Zuul (22348)"
Branch: master

commit 481ad14aa4bdb9e29aa8e2921f45d180c72b5cc3
Author: Peng Zhang <email address hidden>
Date: Wed Aug 2 14:47:22 2023 +0800

    Update kernel to v5.10.185

    This commit updates kernel to 5.10.185 to fix the following CVE issues:
    CVE-2023-3609: https://nvd.nist.gov/vuln/detail/CVE-2023-3609
    CVE-2023-3090: https://nvd.nist.gov/vuln/detail/CVE-2023-3090
    CVE-2023-3212: https://nvd.nist.gov/vuln/detail/CVE-2023-3212
    CVE-2023-35788: https://nvd.nist.gov/vuln/detail/CVE-2023-35788
    CVE-2023-3141: https://nvd.nist.gov/vuln/detail/CVE-2023-3141
    CVE-2023-3111: https://nvd.nist.gov/vuln/detail/CVE-2023-3111
    CVE-2023-2124: https://nvd.nist.gov/vuln/detail/CVE-2023-2124
    CVE-2023-3338: https://nvd.nist.gov/vuln/detail/CVE-2023-3338

    None of our source patches requires refresh against the new kernel
    source.

    Verification:
    - Build kernel and out of tree modules success for rt and std.
    - Build iso success for rt and std.
    - Install success onto an AIO-DX lab with rt kernel.
    - Boot up successfully in the lab.
    - The sanity testing was run including kernel and applications
      by our test team.
    - The cyclictest benchmark was also run on the starlingx lab, the
      result is "samples: 259199999 avg: 1649 max: 9363 99.9999th
      percentile: 8579 overflows: 0". It is not a big difference from
      5.10.180 for avg and max.

    Closes-Bug: 2025123
    Change-Id: Ia4d825573e03a8c6f03a4c5f53104db5903f41ae
    Signed-off-by: Peng Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.