[Debian] High CVE: CVE-2023-4004/CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593/CVE-2023-4132 kernel: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | Peng Zhang |
Bug Description
CVE-2023-4132: https:/
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
CVE-2023-4004: https:/
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_
CVE-2023-20593: https:/
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-3863: https:/
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to cause a kernel information leak.
CVE-2023-31248: https:/
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_
CVE-2023-35001: https:/
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVE-2023-3117: https:/
A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.
CVE-2023-3611: https:/
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805
CVE-2023-3610: https:/
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.
We recommend upgrading past commit 4bedf9eee016286
CVE-2023-3776: https:/
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea03
CVE-2023-3390: https:/
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b2
CVE-2023-2898: https:/
There is a null-pointer-
Base Score: High
References:
Upgrade Yocto linux_5.10.188
tags: added: stx.9.0 stx.security
summary:
- [Debian] High CVE: CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898 kernel: multiple CVEs
+ [Debian] High CVE: CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863 kernel: multiple CVEs
description: updated
summary:
- [Debian] High CVE: CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863 kernel: multiple CVEs
+ [Debian] High CVE: CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593 kernel: multiple CVEs
description: updated
summary:
- [Debian] High CVE: CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593 kernel: multiple CVEs
+ [Debian] High CVE: CVE-2023-4004/CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593 kernel: multiple CVEs
description: updated
summary:
- [Debian] High CVE: CVE-2023-4004/CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593 kernel: multiple CVEs
+ [Debian] High CVE: CVE-2023-4004/CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593/CVE-2023-4132 kernel: multiple CVEs
description: updated
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/kernel/+/895943