[Debian] High CVE: CVE-2023-35827/CVE-2023-5717/CVE-2023-5178/CVE-2023-46813 kernel: multiple CVEs

CVE-2023-51782: https://nvd.nist.gov/vuln/detail/CVE-2023-51782

CVE-2023-51781:https://nvd.nist.gov/vuln/detail/CVE-2023-51781

CVE-2023-51780: https://nvd.nist.gov/vuln/detail/CVE-2023-51780

CVE-2023-6531: https://nvd.nist.gov/vuln/detail/CVE-2023-6531

CVE-2023-6121: https://nvd.nist.gov/vuln/detail/CVE-2023-6121

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

CVE-2023-6546: https://nvd.nist.gov/vuln/detail/CVE-2023-6546

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

CVE-2023-6931: https://nvd.nist.gov/vuln/detail/CVE-2023-6931

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

CVE-2023-6932: https://nvd.nist.gov/vuln/detail/CVE-2023-6932

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

CVE-2023-6817: https://nvd.nist.gov/vuln/detail/CVE-2023-6817

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

CVE-2023-46862: https://nvd.nist.gov/vuln/detail/CVE-2023-46862

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

CVE-2023-45863: https://nvd.nist.gov/vuln/detail/CVE-2023-45863

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

CVE-2023-39197: https://nvd.nist.gov/vuln/detail/CVE-2023-39197

CVE-2023-6176: https://nvd.nist.gov/vuln/detail/CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

CVE-2023-4881: https://nvd.nist.gov/vuln/detail/CVE-2023-4881

Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

CVE-2023-34324:  https://nvd.nist.gov/vuln/detail/CVE-2023-34324

CVE-2023-5717: https://nvd.nist.gov/vuln/detail/CVE-2023-5717

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

CVE-2023-5178: https://nvd.nist.gov/vuln/detail/CVE-2023-5178

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.

CVE-2023-46813: https://nvd.nist.gov/vuln/detail/CVE-2023-46813

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

CVE-2023-35827: https://nvd.nist.gov/vuln/detail/CVE-2023-35827

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.

Base Score: High

Reference:

Upgrade Yocto Linux_5.10.205