Package : linux
CVE ID : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2023-2124
Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing
metadata validation may result in denial of service or potential
privilege escalation if a corrupted XFS disk image is mounted.
CVE-2023-2156
It was discovered that the IPv6 RPL protocol implementation in the
Linux kernel did not properly handle user-supplied data, resulting
in a triggerable assertion. An unauthenticated remote attacker can
take advantage of this flaw for denial of service.
CVE-2023-2269
Zheng Zhang reported that improper handling of locking in the device
mapper implementation may result in denial of service.
CVE-2023-3090
It was discovered that missing initialization in ipvlan networking
may lead to an out-of-bounds write vulnerability, resulting in
denial of service or potentially the execution of arbitrary code.
CVE-2023-3212
Yang Lan discovered that missing validation in the GFS2 filesystem could result
in denial of service via a NULL pointer dereference when mounting a
malformed GFS2 filesystem.
CVE-2023-3268
It was discovered that an out-of-bounds memory access in relayfs
could result in denial of service or an information leak.
CVE-2023-3269
Ruihan Li discovered that incorrect lock handling for accessing and
updating virtual memory areas (VMAs) may result in privilege
escalation.
CVE-2023-3390
A use-after-free flaw in the netfilter subsystem caused by incorrect
error path handling may result in denial of service or privilege
escalation.
CVE-2023-31084
It was discovered that the DVB Core driver does not properly handle
locking of certain events, allowing a local user to cause a denial
of service.
CVE-2023-32250 / CVE-2023-32254
Quentin Minster discovered two race conditions in KSMBD, a kernel
server which implements the SMB3 protocol, which could result in
denial of service or potentially the execution of arbitrary code.
CVE-2023-35788
Hangyu Hua discovered an out-of-bounds write vulnerability in the
Flower classifier which may result in denial of service or the
execution of arbitrary code.