Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6626-1

Ubuntu Security Notice 6626-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Packet Storm
#vulnerability#web#google#amazon#ubuntu#linux#dos#oracle#perl#aws#amd#ibm#ssl
==========================================================================Ubuntu Security Notice USN-6626-1February 08, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle,linux-oracle-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Quentin Minster discovered that a race condition existed in the KSMBDimplementation in the Linux kernel when handling sessions operations. Aremote attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,CVE-2023-32257)Marek Marczykowski-Górecki discovered that the Xen event channelinfrastructure implementation in the Linux kernel contained a racecondition. An attacker in a guest VM could possibly use this to cause adenial of service (paravirtualized device unavailability). (CVE-2023-34324)Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driverin the Linux kernel during device removal. A privileged attacker could usethis to cause a denial of service (system crash). (CVE-2023-35827)Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV)implementation for AMD processors in the Linux kernel contained a racecondition when accessing MMIO registers. A local attacker in a SEV guest VMcould possibly use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-46813)It was discovered that the Microchip USB Ethernet driver in the Linuxkernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this tocause a denial of service (system crash). (CVE-2023-6039)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle dynset expressions passed from userspace, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash). (CVE-2023-6622)It was discovered that the TIPC protocol implementation in the Linux kerneldid not properly handle locking during tipc_crypto_key_revoke() operations.A local attacker could use this to cause a denial of service (kerneldeadlock). (CVE-2024-0641)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1036-gkeop   5.15.0-1036.42   linux-image-5.15.0-1044-nvidia  5.15.0-1044.44   linux-image-5.15.0-1044-nvidia-lowlatency  5.15.0-1044.44   linux-image-5.15.0-1046-ibm     5.15.0-1046.49   linux-image-5.15.0-1050-gke     5.15.0-1050.55   linux-image-5.15.0-1050-kvm     5.15.0-1050.55   linux-image-5.15.0-1051-gcp     5.15.0-1051.59   linux-image-5.15.0-1051-oracle  5.15.0-1051.57   linux-image-5.15.0-1053-aws     5.15.0-1053.58   linux-image-5.15.0-94-generic   5.15.0-94.104   linux-image-5.15.0-94-generic-64k  5.15.0-94.104   linux-image-5.15.0-94-generic-lpae  5.15.0-94.104   linux-image-aws-lts-22.04       5.15.0.1053.52   linux-image-gcp-lts-22.04       5.15.0.1051.47   linux-image-generic             5.15.0.94.91   linux-image-generic-64k         5.15.0.94.91   linux-image-generic-lpae        5.15.0.94.91   linux-image-gke                 5.15.0.1050.49   linux-image-gke-5.15            5.15.0.1050.49   linux-image-gkeop               5.15.0.1036.35   linux-image-gkeop-5.15          5.15.0.1036.35   linux-image-ibm                 5.15.0.1046.42   linux-image-kvm                 5.15.0.1050.46   linux-image-nvidia              5.15.0.1044.44   linux-image-nvidia-lowlatency   5.15.0.1044.44   linux-image-oracle              5.15.0.1051.46   linux-image-oracle-lts-22.04    5.15.0.1051.46   linux-image-virtual             5.15.0.94.91Ubuntu 20.04 LTS:   linux-image-5.15.0-1036-gkeop   5.15.0-1036.42~20.04.1   linux-image-5.15.0-1046-ibm     5.15.0-1046.49~20.04.1   linux-image-5.15.0-1051-gcp     5.15.0-1051.59~20.04.1   linux-image-5.15.0-1051-oracle  5.15.0-1051.57~20.04.1   linux-image-5.15.0-1053-aws     5.15.0-1053.58~20.04.1   linux-image-5.15.0-94-generic   5.15.0-94.104~20.04.1   linux-image-5.15.0-94-generic-64k  5.15.0-94.104~20.04.1   linux-image-5.15.0-94-generic-lpae  5.15.0-94.104~20.04.1   linux-image-5.15.0-94-lowlatency  5.15.0-94.104~20.04.1   linux-image-5.15.0-94-lowlatency-64k  5.15.0-94.104~20.04.1   linux-image-aws                 5.15.0.1053.58~20.04.41   linux-image-gcp                 5.15.0.1051.59~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.94.104~20.04.50   linux-image-generic-hwe-20.04   5.15.0.94.104~20.04.50   linux-image-generic-lpae-hwe-20.04  5.15.0.94.104~20.04.50   linux-image-gkeop-5.15          5.15.0.1036.42~20.04.32   linux-image-ibm                 5.15.0.1046.49~20.04.18   linux-image-lowlatency-64k-hwe-20.04  5.15.0.94.104~20.04.47   linux-image-lowlatency-hwe-20.04  5.15.0.94.104~20.04.47   linux-image-oem-20.04           5.15.0.94.104~20.04.50   linux-image-oem-20.04b          5.15.0.94.104~20.04.50   linux-image-oem-20.04c          5.15.0.94.104~20.04.50   linux-image-oem-20.04d          5.15.0.94.104~20.04.50   linux-image-oracle              5.15.0.1051.57~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.94.104~20.04.50After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6626-1   CVE-2023-32250, CVE-2023-32252, CVE-2023-32257, CVE-2023-34324,   CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6176,   CVE-2023-6622, CVE-2024-0641Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-94.104   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1053.58   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1051.59   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1050.55   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1036.42   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1046.49   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1050.55   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1044.44   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1051.57   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1053.58~20.04.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1051.59~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1036.42~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-94.104~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1046.49~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-94.104~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1051.57~20.04.1

Related news

Gentoo Linux Security Advisory 202409-10

Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

Red Hat Security Advisory 2024-2394-03

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Kernel Live Patch Security Notice LSN-0102-1

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

Ubuntu Security Notice USN-6706-1

Ubuntu Security Notice 6706-1 - It was discovered that the Microchip USB Ethernet driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6652-1

Ubuntu Security Notice 6652-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6625-3

Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-0897-03

Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0881-03

Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6626-3

Ubuntu Security Notice 6626-3 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6639-1

Ubuntu Security Notice 6639-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6628-2

Ubuntu Security Notice 6628-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6626-2

Ubuntu Security Notice 6626-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6628-1

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6625-2

Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Kernel Live Patch Security Notice LSN-0100-1

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. Various other issues were discovered and addressed.

Ubuntu Security Notice USN-6625-1

Ubuntu Security Notice 6625-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6624-1

Ubuntu Security Notice 6624-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6548-5

Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6548-4

Ubuntu Security Notice 6548-4 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

Debian Security Advisory 5594-1

Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Security Advisory 5594-1

Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Security Advisory 5594-1

Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Security Advisory 5593-1

Debian Linux Security Advisory 5593-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6548-3

Ubuntu Security Notice 6548-3 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6534-3

Ubuntu Security Notice 6534-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6548-2

Ubuntu Security Notice 6548-2 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6534-2

Ubuntu Security Notice 6534-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6548-1

Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

CVE-2023-6622: cve-details

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

Ubuntu Security Notice USN-6533-1

Ubuntu Security Notice 6533-1 - Tom Dohrmann discovered that the Secure Encrypted Virtualization implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the io_uring subsystem in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6534-1

Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

CVE-2023-6176: cve-details

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

CVE-2023-6039: cve-details

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

Ubuntu Security Notice USN-6338-2

Ubuntu Security Notice 6338-2 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6338-2

Ubuntu Security Notice 6338-2 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6338-2

Ubuntu Security Notice 6338-2 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6344-1

Ubuntu Security Notice 6344-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6344-1

Ubuntu Security Notice 6344-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6344-1

Ubuntu Security Notice 6344-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6338-1

Ubuntu Security Notice 6338-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6338-1

Ubuntu Security Notice 6338-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Ubuntu Security Notice USN-6338-1

Ubuntu Security Notice 6338-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

CVE-2023-32257: ZDI-23-705

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

CVE-2023-32252: ZDI-23-700

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

CVE-2023-32250: Invalid Bug ID

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Debian Security Advisory 5448-1

Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-35827: Fix possible UAF bug in ravb_remove — Netdev

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution