csaf_suse - suse-su-2023:2431-1

suse-su-2023:2431-1

Vulnerability from csaf_suse

Published

2023-06-06 21:04

Modified

2023-06-06 21:04

Summary

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)

Description of the patch

This update for the Linux Kernel 5.14.21-150400_24_38 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).

Patchnames

SUSE-2023-2431,SUSE-SLE-Module-Live-Patching-15-SP4-2023-2431

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.14.21-150400_24_38 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111).\n- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500).\n- CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499).\n- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683).\n- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662).\n- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911).\n- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-2431,SUSE-SLE-Module-Live-Patching-15-SP4-2023-2431",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2431-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:2431-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232431-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:2431-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015106.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1207188",
        "url": "https://bugzilla.suse.com/1207188"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208911",
        "url": "https://bugzilla.suse.com/1208911"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209683",
        "url": "https://bugzilla.suse.com/1209683"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210499",
        "url": "https://bugzilla.suse.com/1210499"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210500",
        "url": "https://bugzilla.suse.com/1210500"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210662",
        "url": "https://bugzilla.suse.com/1210662"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1211111",
        "url": "https://bugzilla.suse.com/1211111"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-0386 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-0386/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-0461 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-0461/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1281 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1281/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1989 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1989/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-2162 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-2162/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-23454 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-23454/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28464 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28464/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4)",
    "tracking": {
      "current_release_date": "2023-06-06T21:04:43Z",
      "generator": {
        "date": "2023-06-06T21:04:43Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:2431-1",
      "initial_release_date": "2023-06-06T21:04:43Z",
      "revision_history": [
        {
          "date": "2023-06-06T21:04:43Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-0386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u0027s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-0386",
          "url": "https://www.suse.com/security/cve/CVE-2023-0386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209615 for CVE-2023-0386",
          "url": "https://bugzilla.suse.com/1209615"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210499 for CVE-2023-0386",
          "url": "https://bugzilla.suse.com/1210499"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-0386"
    },
    {
      "cve": "CVE-2023-0461",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-0461"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS  or CONFIG_XFRM_ESPINTCP  has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data  of a struct inet_connection_sock.\n\nWhen CONFIG_TLS  is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt  TCP_ULP  operation does not require any privilege.\n\nWe recommend upgrading past commit  2c02d41d71f90a5168391b6a5f2954112ba2307c",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-0461",
          "url": "https://www.suse.com/security/cve/CVE-2023-0461"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208787 for CVE-2023-0461",
          "url": "https://bugzilla.suse.com/1208787"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208911 for CVE-2023-0461",
          "url": "https://bugzilla.suse.com/1208911"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211833 for CVE-2023-0461",
          "url": "https://bugzilla.suse.com/1211833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217079 for CVE-2023-0461",
          "url": "https://bugzilla.suse.com/1217079"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218514 for CVE-2023-0461",
          "url": "https://bugzilla.suse.com/1218514"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-0461"
    },
    {
      "cve": "CVE-2023-1281",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1281"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.  The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \u0027tcf_exts_exec()\u0027 is called with the destroyed tcf_ext.  A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1281",
          "url": "https://www.suse.com/security/cve/CVE-2023-1281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209634 for CVE-2023-1281",
          "url": "https://bugzilla.suse.com/1209634"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209683 for CVE-2023-1281",
          "url": "https://bugzilla.suse.com/1209683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210335 for CVE-2023-1281",
          "url": "https://bugzilla.suse.com/1210335"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210423 for CVE-2023-1281",
          "url": "https://bugzilla.suse.com/1210423"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211833 for CVE-2023-1281",
          "url": "https://bugzilla.suse.com/1211833"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1281"
    },
    {
      "cve": "CVE-2023-1989",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1989"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1989",
          "url": "https://www.suse.com/security/cve/CVE-2023-1989"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210336 for CVE-2023-1989",
          "url": "https://bugzilla.suse.com/1210336"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210500 for CVE-2023-1989",
          "url": "https://bugzilla.suse.com/1210500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213841 for CVE-2023-1989",
          "url": "https://bugzilla.suse.com/1213841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213842 for CVE-2023-1989",
          "url": "https://bugzilla.suse.com/1213842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214128 for CVE-2023-1989",
          "url": "https://bugzilla.suse.com/1214128"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1989"
    },
    {
      "cve": "CVE-2023-2162",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-2162"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-2162",
          "url": "https://www.suse.com/security/cve/CVE-2023-2162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210647 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1210647"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210662 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1210662"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213841 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1213841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213842 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1213842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214128 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1214128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222212 for CVE-2023-2162",
          "url": "https://bugzilla.suse.com/1222212"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-2162"
    },
    {
      "cve": "CVE-2023-23454",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-23454"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-23454",
          "url": "https://www.suse.com/security/cve/CVE-2023-23454"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207036 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1207036"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207188 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1207188"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208030 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1208030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208044 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1208044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208085 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1208085"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211833 for CVE-2023-23454",
          "url": "https://bugzilla.suse.com/1211833"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-23454"
    },
    {
      "cve": "CVE-2023-28464",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28464"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28464",
          "url": "https://www.suse.com/security/cve/CVE-2023-28464"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209052 for CVE-2023-28464",
          "url": "https://bugzilla.suse.com/1209052"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211111 for CVE-2023-28464",
          "url": "https://bugzilla.suse.com/1211111"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220130 for CVE-2023-28464",
          "url": "https://bugzilla.suse.com/1220130"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-06T21:04:43Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28464"
    }
  ]
}

CVE-2023-0386 (GCVE-0-2023-0386)

Vulnerability from cvelistv5

Published

2023-03-22 00:00

Modified

2025-10-21 23:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-282

Summary

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a
	https://security.netapp.com/advisory/ntap-20230420-0004/
	https://www.debian.org/security/2023/dsa-5402	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html	mailing-list
	http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux kernel 6.2-rc6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:55.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
          },
          {
            "name": "DSA-5402",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5402"
          },
          {
            "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
          },
          {
            "name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-0386",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T03:55:31.499341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-06-17",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:22.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0386"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-06-17T00:00:00+00:00",
            "value": "CVE-2023-0386 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 6.2-rc6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u2019s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-282",
              "description": "CWE-282",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T12:11:02.905Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
        },
        {
          "name": "DSA-5402",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5402"
        },
        {
          "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
        },
        {
          "name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-0386",
    "datePublished": "2023-03-22T00:00:00.000Z",
    "dateReserved": "2023-01-18T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:22.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28464 (GCVE-0-2023-28464)

Vulnerability from cvelistv5

Published

2023-03-31 00:00

Modified

2024-08-02 12:38

Severity ?

CWE

Summary

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

References

URL

Tags

	https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/
	https://www.openwall.com/lists/oss-security/2023/03/28/2
	https://www.openwall.com/lists/oss-security/2023/03/28/3
	https://security.netapp.com/advisory/ntap-20230517-0004/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/03/28/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/03/28/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230517-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-17T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/03/28/2"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/03/28/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230517-0004/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-28464",
    "datePublished": "2023-03-31T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:38:25.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23454 (GCVE-0-2023-23454)

Vulnerability from cvelistv5

Published

2023-01-12 00:00

Modified

2025-03-20 20:55

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2023/01/10/1
	https://www.openwall.com/lists/oss-security/2023/01/10/4
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
	https://www.debian.org/security/2023/dsa-5324	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:28:40.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12"
          },
          {
            "name": "DSA-5324",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5324"
          },
          {
            "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-23454",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-06T15:57:34.523485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T20:55:38.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12"
        },
        {
          "name": "DSA-5324",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5324"
        },
        {
          "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-23454",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2023-01-12T00:00:00.000Z",
    "dateUpdated": "2025-03-20T20:55:38.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1281 (GCVE-0-2023-1281)

Vulnerability from cvelistv5

Published

2023-03-22 13:18

Modified

2025-03-05 19:22

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

References

URL

Tags

	https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2
	http://www.openwall.com/lists/oss-security/2023/04/11/3
	https://security.netapp.com/advisory/ntap-20230427-0004/
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Impacted products

	Vendor	Product	Version
	Linux	Linux Kernel	Version: 4.14 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/04/11/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:43:38.013720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T19:22:29.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Linux Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.2",
              "status": "affected",
              "version": "4.14",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "valis"
        }
      ],
      "datePublic": "2023-02-09T15:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \u0027tcf_exts_exec()\u0027 is called with the destroyed tcf_ext.\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA local attacker user can use this vulnerability to elevate its privileges to root.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\u003c/p\u003e"
            }
          ],
          "value": "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.\u00a0The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \u0027tcf_exts_exec()\u0027 is called with the destroyed tcf_ext.\u00a0A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T13:06:53.041Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/04/11/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0004/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "UAF in Linux kernel\u0027s tcindex (traffic control index filter) implementation",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-1281",
    "datePublished": "2023-03-22T13:18:55.460Z",
    "dateReserved": "2023-03-08T20:18:23.204Z",
    "dateUpdated": "2025-03-05T19:22:29.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2162 (GCVE-0-2023-2162)

Vulnerability from cvelistv5

Published

2023-04-19 00:00

Modified

2025-03-19 15:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-416

Summary

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

References

URL

Tags

	https://www.spinics.net/lists/linux-scsi/msg181542.html
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux Kernel version prior to Kernel 6.2 RC6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:20.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-scsi/msg181542.html"
          },
          {
            "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-2162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-06T15:56:12.536478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T15:32:43.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux Kernel version prior to Kernel 6.2 RC6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T13:06:42.883Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.spinics.net/lists/linux-scsi/msg181542.html"
        },
        {
          "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2162",
    "datePublished": "2023-04-19T00:00:00.000Z",
    "dateReserved": "2023-04-18T00:00:00.000Z",
    "dateUpdated": "2025-03-19T15:32:43.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1989 (GCVE-0-2023-1989)

Vulnerability from cvelistv5

Published

2023-04-11 00:00

Modified

2024-08-26 13:09

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416

Summary

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list
	https://security.netapp.com/advisory/ntap-20230601-0004/
	https://www.debian.org/security/2023/dsa-5492	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux kernel version prior to Kernel 6.3 RC4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:27.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088"
          },
          {
            "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230601-0004/"
          },
          {
            "name": "DSA-5492",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5492"
          },
          {
            "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hci_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "h300s"
              },
              {
                "status": "affected",
                "version": "h410c"
              },
              {
                "status": "affected",
                "version": "h410s"
              },
              {
                "status": "affected",
                "version": "h500s"
              },
              {
                "status": "affected",
                "version": "h700s"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.3+rc4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "5.10.178-3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T04:00:19.103887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T13:09:35.058Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel version prior to Kernel 6.3 RC4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-11T19:06:36.230942",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088"
        },
        {
          "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230601-0004/"
        },
        {
          "name": "DSA-5492",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5492"
        },
        {
          "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1989",
    "datePublished": "2023-04-11T00:00:00",
    "dateReserved": "2023-04-11T00:00:00",
    "dateUpdated": "2024-08-26T13:09:35.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0461 (GCVE-0-2023-0461)

Vulnerability from cvelistv5

Published

2023-02-28 14:23

Modified

2025-02-13 16:38

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

References

URL

Tags

	https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Impacted products

	Vendor	Product	Version
	Linux	Linux Kernel	Version: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T15:55:09.289052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T15:55:22.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Linux Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2c02d41d71f90a5168391b6a5f2954112ba2307c",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "slipper"
        }
      ],
      "datePublic": "2023-01-02T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eCONFIG_XFRM_ESPINTCP\u003c/code\u003e\u0026nbsp;has to be configured, but the operation does not require any privilege.\u003c/p\u003e\u003cp\u003eThere is a use-after-free bug of \u003ccode\u003eicsk_ulp_data\u003c/code\u003e\u0026nbsp;of a \u003ccode\u003estruct inet_connection_sock\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eWhen \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;is enabled, user can install a tls context (\u003ccode\u003estruct tls_context\u003c/code\u003e) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003esetsockopt\u003c/code\u003e\u0026nbsp;\u003ccode\u003eTCP_ULP\u003c/code\u003e\u0026nbsp;operation does not require any privilege.\u003c/p\u003eWe recommend upgrading past commit\u0026nbsp;2c02d41d71f90a5168391b6a5f2954112ba2307c"
            }
          ],
          "value": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS\u00a0or CONFIG_XFRM_ESPINTCP\u00a0has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data\u00a0of a struct inet_connection_sock.\n\nWhen CONFIG_TLS\u00a0is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt\u00a0TCP_ULP\u00a0operation does not require any privilege.\n\nWe recommend upgrading past commit\u00a02c02d41d71f90a5168391b6a5f2954112ba2307c"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T13:06:48.668Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use-after-free vulnerability in the Linux Kernel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-0461",
    "datePublished": "2023-02-28T14:23:02.224Z",
    "dateReserved": "2023-01-24T09:47:24.966Z",
    "dateUpdated": "2025-02-13T16:38:58.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2023:2431-1

Vulnerability from csaf_suse

CVE-2023-0386 (GCVE-0-2023-0386)

Vulnerability from cvelistv5

CVE-2023-28464 (GCVE-0-2023-28464)

Vulnerability from cvelistv5

CVE-2023-23454 (GCVE-0-2023-23454)

Vulnerability from cvelistv5

CVE-2023-1281 (GCVE-0-2023-1281)

Vulnerability from cvelistv5

CVE-2023-2162 (GCVE-0-2023-2162)

Vulnerability from cvelistv5

CVE-2023-1989 (GCVE-0-2023-1989)

Vulnerability from cvelistv5

CVE-2023-0461 (GCVE-0-2023-0461)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature