path: root/dsa-texts/6.1.52-1
Package        : linux
CVE ID         : CVE-2023-1206 CVE-2023-1989 CVE-2023-2430
                 CVE-2023-2898 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773
                 CVE-2023-3776 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004
                 CVE-2023-4015 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147
                 CVE-2023-4155 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207
                 CVE-2023-4208 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622
                 CVE-2023-20588 CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2023-1206

    It was discovered that the networking stack permits attackers to
    force hash collisions in the IPv6 connection lookup table, which may
    result in denial of service (significant increase in the cost of
    lookups, increased CPU utilization).

CVE-2023-1989

    Zheng Wang reported a race condition in the btsdio Bluetooth adapter
    driver that can lead to a use-after-free. An attacker able to insert
    and remove SDIO devices can use this to cause a denial of service
    (crash or memory corruption) or possibly to run arbitrary code in
    the kernel.

CVE-2023-2430

    Description

CVE-2023-2898

    It was discovered that missing sanitising in the f2fs file
    system may result in denial of service if a malformed file
    system is accessed.

CVE-2023-3611

    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that
    can lead to a use-after-free. It's unclear whether an unprivileged
    user can exploit this.

CVE-2023-3772

    Description

CVE-2023-3773

    Description

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208

    It was discovered that a use-after-free in the cls_fw, cls_u32 and
    cls_route network classifiers may result in denial of service or
    potential local privilege escalation.

CVE-2023-3777

    Description

CVE-2023-3863

    It was discovered that a use-after-free in the NFC implementation
    may result in denial of service, an information leak or potential
    local privilege escalation.

CVE-2023-4004

    It was discovered that a use-after-free in Netfilter's
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial
    of service or potential local privilege escalation for a user with
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015

    Description

CVE-2023-4132

    A use-after-free in the driver for Siano SMS1xxx based MDTV
    receivers may result in local denial of service.

CVE-2023-4147

    Kevin Rich discovered a use-after-free in Netfilter when adding a
    rule with NFTA_RULE_CHAIN_ID, which may result in local privilege
    escalation for a user with the CAP_NET_ADMIN capability in any user
    or network namespace.

CVE-2023-4155

    Description

CVE-2023-4194

    A type confusion in the implementation of TUN/TAP network devices
    may allow a local user to bypass network filters.

CVE-2023-4273

    Maxim Suhanov discovered a stack overflow in the exFAT driver, which
    may result in local denial of service via a malformed file system.

CVE-2023-4569

    Description

CVE-2023-4622

    Description

CVE-2023-20588

    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and
    Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1
    microarchitecture an integer division by zero may leave stale
    quotient data from a previous division, resulting in a potential
    leak of sensitive data.

CVE-2023-34319

    Ross Lagerwall discovered a buffer overrun in Xen's netback driver
    which may allow a Xen guest to cause denial of service to the
    virtualisation host by sending malformed packets.

CVE-2023-40283

    A use-after-free was discovered in Bluetooth L2CAP socket handling.
