Package        : linux
CVE ID         : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430
                 CVE-2023-2898 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773
                 CVE-2023-3776 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004
                 CVE-2023-4015 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147
                 CVE-2023-4155 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207
                 CVE-2023-4208 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622
                 CVE-2023-20588 CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-1206

    It was discovered that the networking stack permits attackers to
    force hash collisions in the IPv6 connection lookup table, which may
    result in denial of service (significant increase in the cost of
    lookups, increased CPU utilization).

CVE-2023-1989

    Zheng Wang reported a race condition in the btsdio Bluetooth adapter
    driver that can lead to a use-after-free. An attacker able to insert
    and remove SDIO devices can use this to cause a denial of service
    (crash or memory corruption) or possibly to run arbitrary code in
    the kernel.

CVE-2023-2430

    Xingyuan Mo discovered that the io_uring subsystem did not properly
    handle locking when the target ring is configured with IOPOLL, which
    may result in denial of service.

CVE-2023-2898

    It was discovered that missing sanitising in the f2fs file
    system may result in denial of service if a malformed file
    system is accessed.

CVE-2023-3611

    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
    can lead to a use-after-free. It's unclear whether an unprivileged
    user can exploit this.

CVE-2023-3772

    Lin Ma discovered a NULL pointer dereference flaw in the XFRM
    subsystem which may result in denial of service.

CVE-2023-3773

    Lin Ma discovered a flaw in the the XFRM subsystem, which may result
    in denial of service for a user with the CAP_NET_ADMIN capability in
    any user or network namespace.

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

    It was discovered that a use-after-free in the cls_fw, cls_u32 and
    cls_route network classifiers may result in denial of service or
    potential local privilege escalation.

CVE-2023-3777

    Kevin Rich discovered a use-after-free in Netfilter when flushing
    table rules, which may result in local privilege escalation for a
    user with the CAP_NET_ADMIN capability in any user or network
    namespace.

CVE-2023-3863

    It was discovered that a use-after-free in the NFC implementation
    may result in denial of service, an information leak or potential
    local privilege escalation.

CVE-2023-4004

    It was discovered that a use-after-free in Netfilter's
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial
    of service or potential local privilege escalation for a user with
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015

    Kevin Rich discovered a use-after-free in Netfilter when handling
    bound chain deactivation in certain circumstances, may result in
    denial of service or potential local privilege escalation for a user
    with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132

    A use-after-free in the driver for Siano SMS1xxx based MDTV
    receivers may result in local denial of service.

CVE-2023-4147

    Kevin Rich discovered a use-after-free in Netfilter when adding a
    rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
    escalation for a user with the CAP_NET_ADMIN capability in any user
    or network namespace.

CVE-2023-4155

    Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM
    guest using EV-ES or SEV-SNP to cause a denial of service.

CVE-2023-4194

    A type confusion in the implementation of TUN/TAP network devices
    may allow a local user to bypass network filters.

CVE-2023-4273

    Maxim Suhanov discovered a stack overflow in the exFAT driver, which
    may result in local denial of service via a malformed file system.

CVE-2023-4569

    lonial con discovered flaw in the Netfilter subsystem, which may
    allow a local attacher to cause a double-deactivations of catchall
    elements, which results in a memory leak.

CVE-2023-4622

    Bing-Jhong Billy Jheng discovered a use-after-free within the Unix
    domain sockets component, which may result in local privilege
    escalation.

CVE-2023-20588

    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
    Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
    micro architecture an integer division by zero may leave stale
    quotient data from a previous division, resulting in a potential
    leak of sensitive data.

CVE-2023-34319

    Ross Lagerwall discovered a buffer overrun in Xen's netback driver
    which may allow a Xen guest to cause denial of service to the
    virtualisation host my sending malformed packets.

CVE-2023-40283

    A use-after-free was discovered in Bluetooth L2CAP socket handling.