[Debian] High CVE: CVE-2024-0193/CVE-2023-6606/CVE-2023-6040/CVE-2024-0646 kernel : multiple CVEs

| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| StarlingX | Triaged | High | Peng Zhang | |
Bug Description
CVE-2023-52436: https:/
In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed.
CVE-2023-52439: https:/
In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open
CVE-2023-52438: https:/
In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") the mmap lock is downgraded after the vma has been isolated. I was able to reproduce this issue by manually adding some delays and triggering page reclaiming through the shrinker's debug sysfs. The following KASAN report confirms the UAF: =======
CVE-2023-52433: https:/
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction. New elements in this transaction might expire before such a transaction ends. Skip sync GC for such elements, otherwise the commit path might walk over an already released object. Once the transaction is finished, async GC will collect such expired elements.
CVE-2024-23196: https:/
A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_
CVE-2023-51779: https:/
CVE-2023-45863: https:/
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
CVE-2021-44879: https:/
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.
CVE-2023-39198: https:/
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_
CVE-2023-46838: https:/
CVE-2023-6915: https:/
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
CVE-2023-46343: https:/
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
CVE-2023-51042: https:/
In the Linux kernel before 6.4.12, amdgpu_
CVE-2023-51043: https:/
In the Linux kernel before 6.4.5, drivers/
CVE-2024-0584: https:/
A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.
CVE-2024-0639: https:/
A denial of service vulnerability due to a deadlock was found in sctp_auto_
CVE-2024-0641: https:/
A denial of service vulnerability was found in tipc_crypto_
CVE-2024-0646: https:/
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2024-0775: https:/
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
CVE-2023-6040: https:/
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_
CVE-2024-0193: https:/
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
CVE-2023-6606: https:/
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/
Base Score: High
Reference:
Upgrade Yocto Linux_5.10.209
summary: [Debian] High CVE: CVE-2024-0193/CVE-2023-6606 kernel : multiple CVEs → [Debian] High CVE: CVE-2024-0193/CVE-2023-6606/CVE-2023-6040 kernel : multiple CVEs
description: updated
summary: [Debian] High CVE: CVE-2024-0193/CVE-2023-6606/CVE-2023-6040 kernel : multiple CVEs → [Debian] High CVE: CVE-2024-0193/CVE-2023-6606/CVE-2023-6040/CVE-2024-0646 kernel : multiple CVEs
description: updated
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
Changing the target release to stx.10.0 since the r/stx.9.0 release branch is created and the team doesn't port CVE fixes to released branches.