Package linux
CVE ID: CVE-2023-3390 CVE-2023-3610 CVE-2023-20593

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect
    error path handling may result in denial of service or privilege
    escalation.

CVE-2023-3610

    A use-after-free flaw in the netfilter subsystem caused by incorrect
    refcount handling on the table and chain destroy path may result in
    denial of service or privilege escalation.

CVE-2023-20593

    Tavis Ormandy discovered that under specific microarchitectural
    circumstances, a vector register in AMD "Zen 2" CPUs may not be
    written to 0 correctly.  This flaw allows an attacker to leak
    sensitive information across concurrent processes, hyper threads
    and virtualized guests.

    For details please refer to
    <https://lock.cmpxchg8b.com/zenbleed.html> and
    <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

    This issue can also be mitigated by a microcode update through the
    amd64-microcode package or a system firmware (BIOS/UEFI) update.
    However, the initial microcode release by AMD only provides
    updates for second generation EPYC CPUs.  Various Ryzen CPUs are
    also affected, but no updates are available yet.