Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-2902
Vulnerability from csaf_certbund
Published
2023-11-14 23:00
Modified
2023-11-14 23:00
Summary
IBM Security Guardium: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Security Guardium ist eine Lösung für die Überwachung und Auditierung des Datenzugriffs.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Security Guardium ist eine L\u00f6sung f\u00fcr die \u00dcberwachung und Auditierung des Datenzugriffs.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Security Guardium ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2902 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2902.json" }, { "category": "self", "summary": "WID-SEC-2023-2902 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2902" }, { "category": "external", "summary": "IBM Security Bulletin 7073592 vom 2023-11-14", "url": "https://www.ibm.com/support/pages/node/7073592" } ], "source_lang": "en-US", "title": "IBM Security Guardium: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-11-14T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:51:06.780+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2902", "initial_release_date": "2023-11-14T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-14T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Security Guardium 12.0", "product": { "name": "IBM Security Guardium 12.0", "product_id": "T031092", "product_identification_helper": { "cpe": "cpe:/a:ibm:security_guardium:12.0" } } } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4863", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-4863" }, { "cve": "CVE-2023-4147", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-4147" }, { "cve": "CVE-2023-4004", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-4004" }, { "cve": "CVE-2023-3899", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-3899" }, { "cve": "CVE-2023-38633", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-38633" }, { "cve": "CVE-2023-3776", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-3776" }, { "cve": "CVE-2023-3610", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-3610" }, { "cve": "CVE-2023-35001", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-35001" }, { "cve": "CVE-2023-3390", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-3390" }, { "cve": "CVE-2023-31248", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-31248" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-2603", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-2603" }, { "cve": "CVE-2023-2602", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-2602" }, { "cve": "CVE-2023-21102", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-21102" }, { "cve": "CVE-2023-20900", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-20900" }, { "cve": "CVE-2023-20593", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-20593" }, { "cve": "CVE-2023-1637", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2023-1637" }, { "cve": "CVE-2022-1941", "notes": [ { "category": "description", "text": "In IBM Security Guardium existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T031092" ] }, "release_date": "2023-11-14T23:00:00Z", "title": "CVE-2022-1941" } ] }
cve-2023-3390
Vulnerability from cvelistv5
Published
2023-06-28 20:02
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.16 < 6.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5461" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0004/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.4", "status": "affected", "version": "3.16", "versionType": "custom" } ] } ], "datePublic": "2023-06-08T19:49:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\u003cbr\u003e\u003cbr\u003eMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eWe recommend upgrading past commit\u0026nbsp;1240eb93f0616b21c675416516ff3d74798fdc97." } ], "value": "A use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-28T20:02:07.389Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97" }, { "url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97" }, { "url": "https://www.debian.org/security/2023/dsa-5448" }, { "url": "https://www.debian.org/security/2023/dsa-5461" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0004/" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter subsystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3390", "datePublished": "2023-06-28T20:02:07.389Z", "dateReserved": "2023-06-23T13:45:16.519Z", "dateUpdated": "2024-08-02T06:55:03.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4004
Vulnerability from cvelistv5
Published
2023-07-31 16:22
Modified
2024-11-15 16:30
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-477.27.1.rt7.290.el8_8 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:11.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "name": "RHSA-2023:4961", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4961" }, { "name": "RHSA-2023:4962", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4962" }, { "name": "RHSA-2023:4967", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4967" }, { "name": "RHSA-2023:5069", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5069" }, { "name": "RHSA-2023:5091", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5091" }, { "name": "RHSA-2023:5093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5093" }, { "name": "RHSA-2023:5221", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5221" }, { "name": "RHSA-2023:5244", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5244" }, { "name": "RHSA-2023:5255", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5255" }, { "name": "RHSA-2023:5548", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5548" }, { "name": "RHSA-2023:5627", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5627" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7417", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7417" }, { "name": "RHSA-2023:7431", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7431" }, { "name": "RHSA-2023:7434", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7434" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4004" }, { "name": "RHBZ#2225275", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225275" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231027-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.27.1.rt7.290.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.27.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.119.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::nfv", "cpe:/a:redhat:rhel_tus:8.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.119.1.rt13.170.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.119.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.119.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.103.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/a:redhat:rhel_tus:8.4::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.103.1.rt7.178.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.103.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.103.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.75.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.rt14.315.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.rt21.151.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.75.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-07-19T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u0027s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:30:33.284Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:4961", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4961" }, { "name": "RHSA-2023:4962", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4962" }, { "name": "RHSA-2023:4967", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4967" }, { "name": "RHSA-2023:5069", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5069" }, { "name": "RHSA-2023:5091", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5091" }, { "name": "RHSA-2023:5093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5093" }, { "name": "RHSA-2023:5221", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5221" }, { "name": "RHSA-2023:5244", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5244" }, { "name": "RHSA-2023:5255", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5255" }, { "name": "RHSA-2023:5548", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5548" }, { "name": "RHSA-2023:5627", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5627" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7417", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7417" }, { "name": "RHSA-2023:7431", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7431" }, { "name": "RHSA-2023:7434", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7434" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4004" }, { "name": "RHBZ#2225275", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225275" }, { "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/" } ], "timeline": [ { "lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-19T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected netfilter kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4004", "datePublished": "2023-07-31T16:22:18.380Z", "dateReserved": "2023-07-30T11:58:17.241Z", "dateUpdated": "2024-11-15T16:30:33.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3776
Vulnerability from cvelistv5
Published
2023-07-21 20:49
Modified
2024-08-02 07:08
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:49.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240202-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "2.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Muhammad Alifa Ramdhan of STAR Labs SG" } ], "datePublic": "2023-07-07T02:10:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-22T09:43:27.743Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f" }, { "url": "https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f" }, { "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240202-0003/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: cls_fw component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3776", "datePublished": "2023-07-21T20:49:53.667Z", "dateReserved": "2023-07-19T15:50:20.757Z", "dateUpdated": "2024-08-02T07:08:49.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1637
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:57
Severity ?
EPSS score ?
Summary
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:24.561Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27398" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.18-rc2" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-226", "description": "CWE-226 -\u003e CWE-385 -\u003e CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27398" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1637", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-03-26T00:00:00", "dateUpdated": "2024-08-02T05:57:24.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3899
Vulnerability from cvelistv5
Published
2023-08-23 10:49
Modified
2024-11-23 00:07
Severity ?
EPSS score ?
Summary
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:4701 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4702 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4703 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4704 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4705 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4706 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4707 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:4708 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-3899 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2225407 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:1.24.52-2.el7_9 < * cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:4701", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4701" }, { "name": "RHSA-2023:4702", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4702" }, { "name": "RHSA-2023:4703", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4703" }, { "name": "RHSA-2023:4704", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4704" }, { "name": "RHSA-2023:4705", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4705" }, { "name": "RHSA-2023:4706", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4706" }, { "name": "RHSA-2023:4707", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4707" }, { "name": "RHSA-2023:4708", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4708" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3899" }, { "name": "RHBZ#2225407", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225407" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.24.52-2.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.36-3.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.36-3.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", "cpe:/o:redhat:rhel_e4s:8.1::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.25.17.1-2.el8_1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.22-2.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.22-2.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.26.22-2.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.13-7.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.13-7.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.13-7.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.28.29.1-2.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.29.33.1-2.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "affected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.29.26.2-2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "subscription-manager", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Thibault Guittet (Senior Product Security Engineer, Red Hat)." } ], "datePublic": "2023-08-22T14:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:07:47.908Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:4701", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4701" }, { "name": "RHSA-2023:4702", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4702" }, { "name": "RHSA-2023:4703", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4703" }, { "name": "RHSA-2023:4704", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4704" }, { "name": "RHSA-2023:4705", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4705" }, { "name": "RHSA-2023:4706", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4706" }, { "name": "RHSA-2023:4707", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4707" }, { "name": "RHSA-2023:4708", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4708" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3899" }, { "name": "RHBZ#2225407", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225407" } ], "timeline": [ { "lang": "en", "time": "2023-07-25T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-08-22T14:00:00+00:00", "value": "Made public." } ], "title": "Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration", "workarounds": [ { "lang": "en", "value": "A workaround is to mask rhsm.service using: \n\n~~~\nsystemctl mask rhsm.service\n~~~\n\nWhen the rhsm.service is masked, then no D-Bus call cannot trigger the service and all D-Bus calls will be terminated with error: \"Call failed: Could not activate remote peer.\" But then all applications using D-Bus API will not work until you unmask the service using: \"systemctl unmask rhsm.service\"" } ], "x_redhatCweChain": "CWE-285: Improper Authorization" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3899", "datePublished": "2023-08-23T10:49:11.684Z", "dateReserved": "2023-07-25T10:15:36.274Z", "dateUpdated": "2024-11-23T00:07:47.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21102
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:25.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-15T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-05-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21102", "datePublished": "2023-05-15T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:28:25.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1941
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Google LLC | protobuf-cpp |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "protobuf-cpp", "vendor": "google", "versions": [ { "lessThan": "3.18.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.19.5", "status": "affected", "version": "3.19.0", "versionType": "custom" }, { "lessThan": "3.20.2", "status": "affected", "version": "3.20.0", "versionType": "custom" }, { "lessThan": "3.21.6", "status": "affected", "version": "3.21.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "protobuf-python", "vendor": "google", "versions": [ { "lessThan": "3.18.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.19.5", "status": "affected", "version": "3.19.0", "versionType": "custom" }, { "lessThan": "3.20.2", "status": "affected", "version": "3.20.0", "versionType": "custom" }, { "lessThan": "4.21.6", "status": "affected", "version": "4.0.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-1941", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T19:20:47.222552Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T19:36:06.065Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:42.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cloud.google.com/support/bulletins#GCP-2022-019" }, { "tags": [ "x_transferred" ], "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf" }, { "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1" }, { "name": "FEDORA-2022-25f35ed634", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" }, { "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html" }, { "name": "FEDORA-2022-15729fa33d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240705-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "protobuf-cpp", "vendor": "Google LLC", "versions": [ { "lessThanOrEqual": "3.16.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.17.3", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.18.2", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.19.4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.20.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.21.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "protobuf-python", "vendor": "Google LLC", "versions": [ { "lessThanOrEqual": "3.16.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.17.3", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.18.2", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.19.4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "3.20.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "4.21.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "CluterFuzz - https://google.github.io/clusterfuzz/" } ], "descriptions": [ { "lang": "en", "value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated." } ], "metrics": [ { "other": { "content": { "attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-05T16:05:57.237168", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://cloud.google.com/support/bulletins#GCP-2022-019" }, { "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf" }, { "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1" }, { "name": "FEDORA-2022-25f35ed634", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/" }, { "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html" }, { "name": "FEDORA-2022-15729fa33d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/" }, { "url": "https://security.netapp.com/advisory/ntap-20240705-0001/" } ], "source": { "discovery": "INTERNAL" }, "title": "Out of Memory issue in ProtocolBuffers for cpp and python", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-1941", "datePublished": "2022-09-22T00:00:00", "dateReserved": "2022-05-30T00:00:00", "dateUpdated": "2024-08-03T00:24:42.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30630
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2024-08-02 14:28
Severity ?
EPSS score ?
Summary
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/adamreiser/dmiwrite" }, { "tags": [ "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html" }, { "tags": [ "x_transferred" ], "url": "https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206" }, { "tags": [ "x_transferred" ], "url": "https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/adamreiser/dmiwrite" }, { "url": "https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html" }, { "url": "https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206" }, { "url": "https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30630", "datePublished": "2023-04-13T00:00:00", "dateReserved": "2023-04-13T00:00:00", "dateUpdated": "2024-08-02T14:28:51.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35001
Vulnerability from cvelistv5
Published
2023-07-05 18:35
Modified
2024-08-02 16:17
Severity ?
EPSS score ?
Summary
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: v3.13-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/" }, { "tags": [ "mailing-list", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5453" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230824-0007/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Linux" ], "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "v3.13-rc1" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Tanguy Dubroca" } ], "datePublic": "2023-07-05T12:15:00.000Z", "descriptions": [ { "lang": "en", "value": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T18:35:17.785Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/" }, { "tags": [ "mailing-list" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "url": "https://www.debian.org/security/2023/dsa-5453" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230824-0007/" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability" } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-35001", "datePublished": "2023-07-05T18:35:17.785Z", "dateReserved": "2023-06-29T21:43:35.036Z", "dateUpdated": "2024-08-02T16:17:04.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2602
Vulnerability from cvelistv5
Published
2023-06-06 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114" }, { "tags": [ "x_transferred" ], "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libcap", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NA" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-30T05:06:19.565354", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209114" }, { "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2602", "datePublished": "2023-06-06T00:00:00", "dateReserved": "2023-05-09T00:00:00", "dateUpdated": "2024-08-02T06:26:09.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31248
Vulnerability from cvelistv5
Published
2023-07-05 18:33
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: v5.9-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:31.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/" }, { "tags": [ "mailing-list", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5453" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240201-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Linux" ], "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "v5.9-rc1" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Mingi Cho" } ], "datePublic": "2023-07-05T12:12:00.000Z", "descriptions": [ { "lang": "en", "value": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T18:33:59.665Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/" }, { "tags": [ "mailing-list" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "url": "https://www.debian.org/security/2023/dsa-5453" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240201-0001/" } ], "title": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability" } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-31248", "datePublished": "2023-07-05T18:33:59.665Z", "dateReserved": "2023-06-29T21:43:35.029Z", "dateUpdated": "2024-08-02T14:53:31.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38633
Vulnerability from cvelistv5
Published
2023-07-22 00:00
Modified
2024-08-02 17:46
Severity ?
EPSS score ?
Summary
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/librsvg/-/issues/996" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213502" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3" }, { "name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "name": "[oss-security] 20230727 CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/27/1" }, { "name": "FEDORA-2023-fc79ee273d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/" }, { "name": "FEDORA-2023-0873c38acd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/" }, { "name": "DSA-5484", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5484" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230831-0011/" }, { "name": "[oss-security] 20230906 Re: CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/06/10" }, { "tags": [ "x_transferred" ], "url": "https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37415799" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T13:58:15.660243", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/librsvg/-/issues/996" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213502" }, { "url": "https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3" }, { "name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "name": "[oss-security] 20230727 CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/27/1" }, { "name": "FEDORA-2023-fc79ee273d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/" }, { "name": "FEDORA-2023-0873c38acd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/" }, { "name": "DSA-5484", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5484" }, { "url": "https://security.netapp.com/advisory/ntap-20230831-0011/" }, { "name": "[oss-security] 20230906 Re: CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/06/10" }, { "url": "https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/" }, { "url": "https://news.ycombinator.com/item?id=37415799" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38633", "datePublished": "2023-07-22T00:00:00", "dateReserved": "2023-07-21T00:00:00", "dateUpdated": "2024-08-02T17:46:56.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20593
Vulnerability from cvelistv5
Published
2023-07-24 19:38
Modified
2024-11-19 16:08
Severity ?
EPSS score ?
Summary
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
Version: various |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:45.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008" }, { "tags": [ "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-433.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1" }, { "tags": [ "x_transferred" ], "url": "https://cmpxchg8b.com/zenbleed.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5459" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5462" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5461" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240531-0004/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20593", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T16:07:50.725588Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-19T16:08:15.479Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "\u00b5code / AGESA\u2122 firmware", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-07-24T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "\nAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-07-24T19:39:41.259Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008" }, { "url": "http://xenbits.xen.org/xsa/advisory-433.html" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3" }, { "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1" }, { "url": "https://cmpxchg8b.com/zenbleed.html" }, { "url": "https://www.debian.org/security/2023/dsa-5459" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "url": "https://www.debian.org/security/2023/dsa-5462" }, { "url": "https://www.debian.org/security/2023/dsa-5461" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7" }, { "url": "https://security.netapp.com/advisory/ntap-20240531-0004/" } ], "source": { "advisory": "AMD-SB-7008", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20593", "datePublished": "2023-07-24T19:38:43.385Z", "dateReserved": "2022-10-27T18:53:39.762Z", "dateUpdated": "2024-11-19T16:08:15.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3610
Vulnerability from cvelistv5
Published
2023-07-21 20:48
Modified
2024-08-02 07:01
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.
We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:56.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5461" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.4", "status": "affected", "version": "5.9", "versionType": "custom" } ] } ], "datePublic": "2023-06-20T20:41:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\n\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-21T20:48:13.121Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795" }, { "url": "https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795" }, { "url": "https://www.debian.org/security/2023/dsa-5461" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0005/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3610", "datePublished": "2023-07-21T20:48:13.121Z", "dateReserved": "2023-07-10T20:52:54.602Z", "dateUpdated": "2024-08-02T07:01:56.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4863
Vulnerability from cvelistv5
Published
2023-09-12 14:24
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-19T07:48:10.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "tags": [ "x_transferred" ], "url": "https://crbug.com/1479274" }, { "tags": [ "x_transferred" ], "url": "https://en.bandisoft.com/honeyview/history/" }, { "tags": [ "x_transferred" ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37478403" }, { "tags": [ "x_transferred" ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5496" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5497" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5498" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-05" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "tags": [ "x_transferred" ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "tags": [ "x_transferred" ], "url": "https://blog.isosceles.com/the-webp-0day/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "tags": [ "x_transferred" ], "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "tags": [ "x_transferred" ], "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" }, { "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Chrome", "vendor": "Google", "versions": [ { "lessThan": "116.0.5845.187", "status": "affected", "version": "116.0.5845.187", "versionType": "custom" } ] }, { "product": "libwebp", "vendor": "Google", "versions": [ { "lessThan": "1.3.2", "status": "affected", "version": "1.3.2", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)" } ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer overflow", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-06T23:12:29.399Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome" }, "references": [ { "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "url": "https://crbug.com/1479274" }, { "url": "https://en.bandisoft.com/honeyview/history/" }, { "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "url": "https://news.ycombinator.com/item?id=37478403" }, { "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "url": "https://www.debian.org/security/2023/dsa-5496" }, { "url": "https://www.debian.org/security/2023/dsa-5497" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "url": "https://www.debian.org/security/2023/dsa-5498" }, { "url": "https://security.gentoo.org/glsa/202309-05" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "url": "https://blog.isosceles.com/the-webp-0day/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2023-4863", "datePublished": "2023-09-12T14:24:59.275Z", "dateReserved": "2023-09-09T01:02:58.312Z", "dateUpdated": "2024-08-19T07:48:10.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20900
Vulnerability from cvelistv5
Published
2023-08-31 09:45
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | n/a | VMware Tools |
Version: 12.x.x Version: 11.x.x Version: 10.3.x |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:21:33.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0019.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/31/1" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5493" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231013-0002/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/27/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "VMware Tools", "vendor": "n/a", "versions": [ { "status": "affected", "version": "12.x.x" }, { "status": "affected", "version": "11.x.x" }, { "status": "affected", "version": "10.3.x" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "VMware Tools", "vendor": "n/a", "versions": [ { "status": "affected", "version": "10.3.x" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "VMware Tools (open-vm-tools)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "12.x.x" }, { "status": "affected", "version": "11.x.x" }, { "status": "affected", "version": "10.3.x" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A malicious actor that has been granted \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html\"\u003eGuest Operation Privileges\u003c/a\u003e\u0026nbsp;in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html\"\u003eGuest Alias\u003c/a\u003e." } ], "value": "A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html \u00a0in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html ." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "SAML Token Signature Bypass vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T04:34:34.974Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0019.html" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/31/1" }, { "url": "https://www.debian.org/security/2023/dsa-5493" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231013-0002/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/10/27/1" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2023-20900", "datePublished": "2023-08-31T09:45:43.130Z", "dateReserved": "2022-11-01T15:41:50.396Z", "dateUpdated": "2024-08-02T09:21:33.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4147
Vulnerability from cvelistv5
Published
2023-08-07 13:19
Modified
2024-11-23 00:02
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:5069 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:5091 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:5093 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7382 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7389 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7411 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4147 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2225239 | issue-tracking, x_refsource_REDHAT | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211 | ||
https://www.spinics.net/lists/stable/msg671573.html |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 9 |
Unaffected: 0:5.14.0-284.30.1.el9_2 < * cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::crb |
||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:5069", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5069" }, { "name": "RHSA-2023:5091", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5091" }, { "name": "RHSA-2023:5093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:5093" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4147" }, { "name": "RHBZ#2225239", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231020-0006/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/stable/msg671573.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.rt14.315.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.30.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.rt21.151.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-07-23T10:30:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T00:02:59.456Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:5069", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5069" }, { "name": "RHSA-2023:5091", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5091" }, { "name": "RHSA-2023:5093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:5093" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4147" }, { "name": "RHBZ#2225239", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225239" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211" }, { "url": "https://www.spinics.net/lists/stable/msg671573.html" } ], "timeline": [ { "lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-23T10:30:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free", "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4147", "datePublished": "2023-08-07T13:19:43.593Z", "dateReserved": "2023-08-03T20:23:06.353Z", "dateUpdated": "2024-11-23T00:02:59.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2603
Vulnerability from cvelistv5
Published
2023-06-06 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.726Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209113" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libcap", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NA" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-30T05:06:21.152575", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209113" }, { "name": "FEDORA-2023-ad944c2d34", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/" }, { "name": "FEDORA-2023-5911638116", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2603", "datePublished": "2023-06-06T00:00:00", "dateReserved": "2023-05-09T00:00:00", "dateUpdated": "2024-08-02T06:26:09.726Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.