jiachao2130/csaf2cusa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0b84f3c661
csaf2cusa/cusas/k/kernel/kernel-5.10.0-60.105.0.132_openEuler-SA-2023-1471.json
Jia Chao 0b84f3c661 增加测试用的配置和目录 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 15:51:55 +08:00

14 lines
4.2 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"id": "openEuler-SA-2023-1471",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1471",
"title": "An update for kernel is now available for openEuler-22.03-LTS",
"severity": "Critical",
"description": "The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\r\n\r\n(CVE-2023-21255)\r\n\r\n(CVE-2023-2163)\r\n\r\nA flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.(CVE-2023-32248)\r\n\r\nVUL-0: CVE-2023-32255: kernel: Linux Kernel ksmbd Session Setup Memory Leak Denial-of-Service Vulnerability(CVE-2023-32255)\r\n\r\nA use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.(CVE-2023-3567)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\r\n\r\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\r\n\r\n(CVE-2023-3609)\r\n\r\nA use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.\r\n\r\nWe recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.\r\n\r\n(CVE-2023-3610)\r\n\r\nAn out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\r\n\r\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.\r\n\r\n(CVE-2023-3611)\r\n\r\nA use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\r\n\r\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\r\n\r\n(CVE-2023-3776)\r\n\r\nAn out-of-bounds memory access flaw was found in the Linux kernels TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-3812)\r\n\r\nAn issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.(CVE-2023-38426)\r\n\r\nAn issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.(CVE-2023-38428)",
"cves": [
{
"id": "CVE-2023-38428",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38428",
"severity": "Important"
}
]
}
Reference in New Issue View Git Blame Copy Permalink