what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2023-3389

Status Candidate

Overview

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Related Files

Kernel Live Patch Security Notice LSN-0097-1
Posted Sep 11, 2023
Authored by Benjamin M. Romer

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-32629, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788
SHA-256 | ea3847865d59a38e67f8587f61b9187dd08496a2ad7eb51fab178dfdf50df391
Ubuntu Security Notice USN-6260-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48502, CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-3141, CVE-2023-32629, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a4384a0d58c965d16d9a12fe71bc79afb9b36f12a4660d6419a9dae8338f976a
Ubuntu Security Notice USN-6255-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | b92e45b5821cbc38a01a9f4fad300b0ca630b46f0b15c730d3315c01259ea4d7
Ubuntu Security Notice USN-6250-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-32629, CVE-2023-3269, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a3c2bee7fb44adf555ec4f0c4513eec063216c00e3541ec88c1729871be7fb50
Ubuntu Security Notice USN-6249-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6249-1 - Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3269, CVE-2023-3389
SHA-256 | fa00f685b65a90c9484ef2ebfc948200123e1ec2275cb03b1d48584874eb8d27
Ubuntu Security Notice USN-6248-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6248-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-47929, CVE-2023-21106, CVE-2023-2640, CVE-2023-31248, CVE-2023-32629, CVE-2023-3389, CVE-2023-35001
SHA-256 | b8f3da6963dc1b1e3cc8907b151d7eea0916cee6b2d4a566e0162f800b0fab21
Ubuntu Security Notice USN-6246-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | 7f9ddb30c299540f775c7e9d346e63ed48d654b7514ccd96b18201204baecce7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close