Package        : linux
CVE ID         : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-2124

    Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing
    metadata validation may result in denial of service or potential
    privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2156

    It was discovered that the IPv6 RPL protocol implementation in the
    Linux kernel did not properly handled user-supplied data, resulting
    in a triggerable assertion. An unauthenticated remote attacker can
    take advantage of this flaw for denial of service.

CVE-2023-2269

    Zheng Zhang reported that improper handling of locking in the device
    mapper implementation may result in denial of service.

CVE-2023-3090

    It was discovered that missing initialization in ipvlan networking
    may lead to an out-of-bounds write vulnerability, resulting in
    denial of service or potentially the execution of arbitrary code.

CVE-2023-3212

    Yang Lan that missing validation in the GFS2 filesystem could result
    in denial of service via a NULL pointer dereference when mounting a
    malformed GFS2 filesystem.

CVE-2023-3268

    It was discovered that an out-of-bounds memory access in relayfs
    could result in denial of service or an information leak.

CVE-2023-3269

    Ruihan Li discovered that incorrect lock handling for accessing and
    updating virtual memory areas (VMAs) may result in privilege
    escalation.

CVE-2023-3390

    A use-after-free flaw in the netfilter subsystem caused by incorrect
    error path handling may result in denial of service or privilege
    escalation.

CVE-2023-31084

    It was discovered that the DVB Core driver does not properly handle
    locking of certain events, allowing a local user to cause a denial
    of service.

CVE-2023-32250 / CVE-2023-32254

    Quentin Minster discovered two race conditions in KSMBD, a kernel
    server which implements the SMB3 protocol, which could result in
    denial of service or potentially the execution of arbitrary code.

CVE-2023-35788

    Hangyu Hua discovered an out-of-bounds write vulnerability in the
    Flower classifier which may result in denial of service or the
    execution of arbitrary code.