| 2023-05-31 03:15:00 |
Yue Tao |
bug |
|
|
added bug |
| 2023-05-31 03:15:09 |
Yue Tao |
cve linked |
|
2023-32233 |
|
| 2023-05-31 03:15:14 |
Yue Tao |
cve linked |
|
2023-31436 |
|
| 2023-05-31 03:15:26 |
Yue Tao |
cve linked |
|
2023-1859 |
|
| 2023-05-31 03:15:37 |
Yue Tao |
tags |
|
stx.9.0 stx.security |
|
| 2023-05-31 03:16:17 |
Yue Tao |
summary |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-31436/CVE-2023-1859: kernel: multiple CVEs |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859: kernel: multiple CVEs |
|
| 2023-05-31 03:16:22 |
Yue Tao |
cve linked |
|
2023-2513 |
|
| 2023-06-04 13:21:19 |
Peng Zhang |
starlingx: assignee |
|
Peng Zhang (pzhang2) |
|
| 2023-06-04 13:21:31 |
Peng Zhang |
starlingx: status |
Triaged |
In Progress |
|
| 2023-06-06 06:06:19 |
Yue Tao |
summary |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859: kernel: multiple CVEs |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156: kernel: multiple CVEs |
|
| 2023-06-06 06:06:24 |
Yue Tao |
cve linked |
|
2023-2156 |
|
| 2023-06-08 01:54:37 |
Yue Tao |
description |
CVE-2023-32233: https://nvd.nist.gov/vuln/detail/CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-31436: https://nvd.nist.gov/vuln/detail/CVE-2023-31436
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-2513: https://nvd.nist.gov/vuln/detail/CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-1859: https://nvd.nist.gov/vuln/detail/CVE-2023-1859
A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.
Base Score: High
References:
linux_5.10.180 |
CVE-2023-32233: https://nvd.nist.gov/vuln/detail/CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-31436: https://nvd.nist.gov/vuln/detail/CVE-2023-31436
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-2513: https://nvd.nist.gov/vuln/detail/CVE-2023-2513
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-1859: https://nvd.nist.gov/vuln/detail/CVE-2023-1859
A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.
CVE-2023-2156: https://nvd.nist.gov/vuln/detail/CVE-2023-2156
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
CVE-2023-34256: https://nvd.nist.gov/vuln/detail/CVE-2023-34256
DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
Base Score: High
References:
linux_5.10.180 |
|
| 2023-06-08 01:54:44 |
Yue Tao |
cve linked |
|
2023-34256 |
|
| 2023-06-08 01:54:59 |
Yue Tao |
summary |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156: kernel: multiple CVEs |
[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256: kernel: multiple CVEs |
|
| 2023-06-09 15:17:15 |
OpenStack Infra |
starlingx: status |
In Progress |
Fix Released |
|
