Headline
Red Hat Security Advisory 2023-4517-01
Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2023:4517-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4517
Issue date: 2023-08-08
CVE Names: CVE-2022-42896 CVE-2023-1281 CVE-2023-1829
CVE-2023-2124 CVE-2023-2194 CVE-2023-2235
=====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in
net/bluetooth/l2cap_core.c (CVE-2022-42896)kernel: tcindex: use-after-free vulnerability in traffic control index
filter allows privilege escalation (CVE-2023-1281)kernel: Use-after-free vulnerability in the Linux Kernel traffic control
index filter (CVE-2023-1829)kernel: use-after-free vulnerability in the perf_group_detach function of
the Linux Kernel Performance Events (CVE-2023-2235)kernel: OOB access in the Linux kernel’s XFS subsystem (CVE-2023-2124)
kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
(CVE-2023-2194)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
simultaneous writes to a page on xfs can result in zero-byte data
(BZ#2184101)RHEL 8.4 - kernel: fix __clear_user() inline assembly constraints
(BZ#2192602)LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375)
ice: ptp4l cpu usage spikes (BZ#2203285)
Kernel - Significant performance drop for getrandom system call when FIPS
is enabled (compared to RHEL 8.x for all x < 6.z) (BZ#2208127)macvlan: backports from upstream (BZ#2209686)
Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198)
Incorrect target abort handling causes iscsi deadlock (BZ#2211494)
swap deadlock when attempt to charge a page to a cgroup stalls waiting on
I/O plugged on another task in swap code (BZ#2211513)BUG_ON “kernel BUG at mm/rmap.c:1041!” in __page_set_anon_rmap() when
vma->anon_vma==NULL (BZ#2211658)RHEL 8.9: IPMI updates and bug fixes (BZ#2211667)
RHEL 8.6 opening console with mkvterm on novalink terminal fails due to
drmgr reporting failure (L3:) (BZ#2212373)RHEL 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device
(BZ#2212451)RHEL 8.8 beta: Occasional stall during initialization of ipmi_msghandler
(BZ#2213189)ESXi RHEL 8: Haswell generation CPU are impacted with performance due to
IBRS (BZ#2213366)xen: fix section mismatch error with xen_callback_vector() and
alloc_intr_gate() (BZ#2214281)jitter: Fix RCT/APT health test during initialization (BZ#2215079)
aacraid misses interrupts when a CPU is disabled resulting in scsi
timeouts and the adapter being unusable until reboot. (BZ#2216498)Hyper-V RHEL 8: Fix VM crash/hang Issues due to fast VF add/remove events
(BZ#2216543)rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9]
(BZ#2216769)Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()")
(BZ#2220810)
- Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel’s XFS subsystem
2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-477.21.1.el8_8.src.rpm
aarch64:
bpftool-4.18.0-477.21.1.el8_8.aarch64.rpm
bpftool-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-core-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-cross-headers-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-core-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-devel-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-modules-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-devel-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-headers-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-modules-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-modules-extra-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-tools-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-tools-libs-4.18.0-477.21.1.el8_8.aarch64.rpm
perf-4.18.0-477.21.1.el8_8.aarch64.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
python3-perf-4.18.0-477.21.1.el8_8.aarch64.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-477.21.1.el8_8.noarch.rpm
kernel-doc-4.18.0-477.21.1.el8_8.noarch.rpm
ppc64le:
bpftool-4.18.0-477.21.1.el8_8.ppc64le.rpm
bpftool-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-core-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-cross-headers-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-core-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-modules-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-headers-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-modules-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-modules-extra-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-tools-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-tools-libs-4.18.0-477.21.1.el8_8.ppc64le.rpm
perf-4.18.0-477.21.1.el8_8.ppc64le.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
python3-perf-4.18.0-477.21.1.el8_8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
s390x:
bpftool-4.18.0-477.21.1.el8_8.s390x.rpm
bpftool-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-core-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-cross-headers-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-core-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-devel-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-modules-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-devel-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-headers-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-modules-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-tools-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-core-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-477.21.1.el8_8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm
perf-4.18.0-477.21.1.el8_8.s390x.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
python3-perf-4.18.0-477.21.1.el8_8.s390x.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm
x86_64:
bpftool-4.18.0-477.21.1.el8_8.x86_64.rpm
bpftool-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-core-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-cross-headers-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-core-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-modules-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-headers-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-modules-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-tools-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-tools-libs-4.18.0-477.21.1.el8_8.x86_64.rpm
perf-4.18.0-477.21.1.el8_8.x86_64.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
python3-perf-4.18.0-477.21.1.el8_8.x86_64.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.aarch64.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-42896
https://access.redhat.com/security/cve/CVE-2023-1281
https://access.redhat.com/security/cve/CVE-2023-1829
https://access.redhat.com/security/cve/CVE-2023-2124
https://access.redhat.com/security/cve/CVE-2023-2194
https://access.redhat.com/security/cve/CVE-2023-2235
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJk0k8yAAoJENzjgjWX9erEBnAQAJYE/kuoaCmyvHq8Ejon2ItK
wPzh3Rhm5jlOPbAOmbXcFQKmu9vHNZpv34IDgk37FvWY2xElVgOlbeFiu/GGxvOq
X9f4Sm3j0F+emnatAdNRvhIJ1igargUf0BqwhaHjirl0OEtfw9yEVPU0yuAVIDEE
FgeBAWpT9jN01610xPPCS/aV18Q1P36CQreVhCRbHgkDS89BWmjJIG77Dws2L01m
Hg7s38T4hJr10mUpsQAL+RgM24l3oLUyAFC/1WU32l4UyTC8rUSd1A/gmZ/jnpVL
lmaph5sCl+DwCgtICKOr0nPSyO40tutDOjm4Mq5e1mcbJp+HiVPYcJ0n0hokK766
qaJ4QjQvDcXVa2GMf7bm+ZzSF7PSOK/M/eypKd8NzhNZQvF/GelwaDPIRkfAEs8Y
zqv2IcR1AfJEGnVEWdU2OauXxN9sQZ8V0s3uJoeUU3QKSJas0R3VbpRkdJCLsAiJ
wTQlYcD6EQJA3PV4X5VZUgv2HjmjjxdIzYduYZcIZOUjqUK2rhdg2M4Gnq9z7fsd
pt27Y3gB1UR0iG0UCQoTaMtOE2KBi7V4Ale3xYicWZb5n1eevNX9NWA9l+WDtN/0
eFhrKTxIrZe22rnlj+0IwP2DRltnbFmJAPo4066udIQhHDRvwQopwGHnoO7nCGsp
VT0aneVeYrjA/6a4CkJ/
=ZQT4
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7431-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5589-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privileg...
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6314-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user...
Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...
Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
Red Hat Security Advisory 2023-4541-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Blue...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...
Red Hat Security Advisory 2023-4262-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...
Red Hat Security Advisory 2023-4230-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-4145-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...
Ubuntu Security Notice 6228-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6224-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A use-afte...
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2235: The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilte...
Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could exec...
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connec...
Ubuntu Security Notice 6133-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information.
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6070-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6069-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed.
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
Ubuntu Security Notice 6044-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
Ubuntu Security Notice 6033-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6029-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service.
Ubuntu Security Notice 6024-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6025-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Ubuntu Security Notice 5879-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5877-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5863-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5832-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5794-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5783-1 - Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.