All posts by ISHACK AI BOT
-
Alma Linux: CVE-2023-44487: Important: nghttp2 security update (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2023
Created: 10/18/2023
Added: 10/18/2023
Modified: 02/14/2025
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-delve alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-race alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-grafana alma-upgrade-libnghttp2 alma-upgrade-libnghttp2-devel alma-upgrade-netstandard-targeting-pack-2.1 alma-upgrade-nghttp2 alma-upgrade-nginx alma-upgrade-nginx-all-modules alma-upgrade-nginx-core alma-upgrade-nginx-filesystem alma-upgrade-nginx-mod-devel alma-upgrade-nginx-mod-http-image-filter alma-upgrade-nginx-mod-http-perl alma-upgrade-nginx-mod-http-xslt-filter alma-upgrade-nginx-mod-mail alma-upgrade-nginx-mod-stream alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-libs alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm alma-upgrade-tomcat alma-upgrade-tomcat-admin-webapps alma-upgrade-tomcat-docs-webapp alma-upgrade-tomcat-el-3.0-api alma-upgrade-tomcat-jsp-2.3-api alma-upgrade-tomcat-lib alma-upgrade-tomcat-servlet-4.0-api alma-upgrade-tomcat-webapps alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-varnish alma-upgrade-varnish-devel alma-upgrade-varnish-docs alma-upgrade-varnish-modules
References:
  https://attackerkb.com/topics/cve-2023-44487
  CVE - 2023-44487
  https://errata.almalinux.org/8/ALSA-2023-5709.html
  https://errata.almalinux.org/8/ALSA-2023-5710.html
  https://errata.almalinux.org/8/ALSA-2023-5712.html
  https://errata.almalinux.org/8/ALSA-2023-5713.html
  https://errata.almalinux.org/8/ALSA-2023-5721.html
  https://errata.almalinux.org/8/ALSA-2023-5837.html
  https://errata.almalinux.org/8/ALSA-2023-5850.html
  https://errata.almalinux.org/8/ALSA-2023-5863.html
  https://errata.almalinux.org/8/ALSA-2023-5869.html
  https://errata.almalinux.org/8/ALSA-2023-5928.html
  https://errata.almalinux.org/8/ALSA-2023-5989.html
  https://errata.almalinux.org/8/ALSA-2023-7205.html
  https://errata.almalinux.org/8/ALSA-2024-1444.html
  https://errata.almalinux.org/9/ALSA-2023-5708.html
  https://errata.almalinux.org/9/ALSA-2023-5711.html
  https://errata.almalinux.org/9/ALSA-2023-5738.html
  https://errata.almalinux.org/9/ALSA-2023-5749.html
  https://errata.almalinux.org/9/ALSA-2023-5765.html
  https://errata.almalinux.org/9/ALSA-2023-5838.html
  https://errata.almalinux.org/9/ALSA-2023-5849.html
  https://errata.almalinux.org/9/ALSA-2023-5867.html
  https://errata.almalinux.org/9/ALSA-2023-5924.html
  https://errata.almalinux.org/9/ALSA-2023-5929.html
  https://errata.almalinux.org/9/ALSA-2023-6077.html
  https://errata.almalinux.org/9/ALSA-2023-6120.html
  https://errata.almalinux.org/9/ALSA-2023-6746.html
-
Alma Linux: CVE-2023-43788: Moderate: libXpm security update (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/10/2023
Created: 05/08/2024
Added: 05/08/2024
Modified: 01/28/2025
Description: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Solution(s): alma-upgrade-libxpm alma-upgrade-libxpm-devel alma-upgrade-motif alma-upgrade-motif-devel alma-upgrade-motif-static
References:
  https://attackerkb.com/topics/cve-2023-43788
  CVE - 2023-43788
  https://errata.almalinux.org/8/ALSA-2024-2974.html
  https://errata.almalinux.org/8/ALSA-2024-3022.html
  https://errata.almalinux.org/9/ALSA-2024-2146.html
  https://errata.almalinux.org/9/ALSA-2024-2217.html
-
SUSE: CVE-2023-39194: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/09/2023
Created: 10/11/2023
Added: 10/11/2023
Modified: 01/28/2025
Description: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Solution(s): suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
References:
  https://attackerkb.com/topics/cve-2023-39194
  CVE - 2023-39194
-
MediaWiki: Incorrect Permission Assignment for Critical Resource (CVE-2023-45364)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 10/09/2023
Created: 10/16/2023
Added: 10/16/2023
Modified: 01/28/2025
Description: An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.
Solution(s): mediawiki-upgrade-1_39_5
References:
  https://attackerkb.com/topics/cve-2023-45364
  CVE - 2023-45364
  https://phabricator.wikimedia.org/T264765
  https://www.debian.org/security/2023/dsa-5520
-
MediaWiki: Incorrect Permission Assignment for Critical Resource (CVE-2023-45369)
Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 10/09/2023
Created: 10/16/2023
Added: 10/16/2023
Modified: 01/28/2025
Description: An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.
Solution(s): mediawiki-upgrade-1_35_12 mediawiki-upgrade-1_39_5
References:
  https://attackerkb.com/topics/cve-2023-45369
  CVE - 2023-45369
  https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/960676
  https://phabricator.wikimedia.org/T344359
-
MediaWiki: Unspecified Security Vulnerability (CVE-2023-45372)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 10/09/2023
Created: 10/16/2023
Added: 10/16/2023
Modified: 01/28/2025
Description: An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Solution(s): mediawiki-upgrade-1_35_12 mediawiki-upgrade-1_39_5
References:
  https://attackerkb.com/topics/cve-2023-45372
  CVE - 2023-45372
  https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/961264
  https://phabricator.wikimedia.org/T345064
-
Huawei EulerOS: CVE-2023-39192: kernel security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2023-39192
  CVE - 2023-39192
  EulerOS-SA-2024-1086
-
Amazon Linux AMI 2: CVE-2023-39189: Security patch for kernel (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 06/11/2024
Added: 06/11/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-196-185-743 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-133-86-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2023-39189
  AL2/ALASKERNEL-5.10-2023-040
  AL2/ALASKERNEL-5.15-2023-027
  AL2/ALASKERNEL-5.4-2023-053
  CVE - 2023-39189
-
Huawei EulerOS: CVE-2023-39189: kernel security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2023-39189
  CVE - 2023-39189
  EulerOS-SA-2024-1086
-
Huawei EulerOS: CVE-2023-39193: kernel security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2023-39193
  CVE - 2023-39193
  EulerOS-SA-2024-1086
-
Huawei EulerOS: CVE-2023-39194: kernel security update
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/09/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2023-39194
  CVE - 2023-39194
  EulerOS-SA-2024-1086
-
Rocky Linux: CVE-2023-39194: kernel (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/09/2023
Created: 06/17/2024
Added: 06/17/2024
Modified: 01/28/2025
Description: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Solution(s): rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2023-39194
  CVE - 2023-39194
  https://errata.rockylinux.org/RLSA-2024:2950
  https://errata.rockylinux.org/RLSA-2024:3138
-
Amazon Linux AMI 2: CVE-2023-39192: Security patch for kernel (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 10/17/2023
Added: 10/17/2023
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Solution(s): amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-326-245-539 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-196-185-743 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-133-86-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2023-39192
  AL2/ALAS-2023-2264
  AL2/ALASKERNEL-5.10-2023-040
  AL2/ALASKERNEL-5.15-2023-027
  AL2/ALASKERNEL-5.4-2023-053
  CVE - 2023-39192
-
Huawei EulerOS: CVE-2023-39193: kernel security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 02/13/2024
Added: 02/12/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf
References:
  https://attackerkb.com/topics/cve-2023-39193
  CVE - 2023-39193
  EulerOS-SA-2024-1144
-
Gentoo Linux: CVE-2023-43641: libcue: Arbitrary Code Execution
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/09/2023
Created: 10/11/2023
Added: 10/11/2023
Modified: 01/28/2025
Description: libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Solution(s): gentoo-linux-upgrade-media-libs-libcue
References:
  https://attackerkb.com/topics/cve-2023-43641
  CVE - 2023-43641
  202310-10
-
Debian: CVE-2023-39193: linux -- security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2023-39193
  CVE - 2023-39193
  DLA-3710-1
-
Huawei EulerOS: CVE-2023-39192: kernel security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 02/13/2024
Added: 02/12/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Solution(s): huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf
References:
  https://attackerkb.com/topics/cve-2023-39192
  CVE - 2023-39192
  EulerOS-SA-2024-1144
-
Debian: CVE-2023-39192: linux -- security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Solution(s): debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2023-39192
  CVE - 2023-39192
  DLA-3710-1
-
Debian: CVE-2023-39194: linux -- security update
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/09/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Solution(s): debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2023-39194
  CVE - 2023-39194
  DLA-3710-1
-
Debian: CVE-2023-39189: linux -- security update
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 01/16/2024
Added: 01/15/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2023-39189
  CVE - 2023-39189
  DLA-3710-1
-
Huawei EulerOS: CVE-2023-44487: nghttp2 security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): huawei-euleros-2_0_sp9-upgrade-libnghttp2
References:
  https://attackerkb.com/topics/cve-2023-44487
  CVE - 2023-44487
  EulerOS-SA-2023-3346
-
Rocky Linux: CVE-2023-39192: kernel (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 06/17/2024
Added: 06/17/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Solution(s): rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2023-39192
  CVE - 2023-39192
  https://errata.rockylinux.org/RLSA-2024:2950
  https://errata.rockylinux.org/RLSA-2024:3138
-
Rocky Linux: CVE-2023-39189: kernel (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 10/09/2023
Created: 06/17/2024
Added: 06/17/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2023-39189
  CVE - 2023-39189
  https://errata.rockylinux.org/RLSA-2024:2950
  https://errata.rockylinux.org/RLSA-2024:3138
-
Red Hat: CVE-2023-43788: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:C/I:N/A:N)
Published: 10/10/2023
Created: 05/01/2024
Added: 05/01/2024
Modified: 09/03/2024
Description: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Solution(s): redhat-upgrade-libxpm redhat-upgrade-libxpm-debuginfo redhat-upgrade-libxpm-debugsource redhat-upgrade-libxpm-devel redhat-upgrade-libxpm-devel-debuginfo redhat-upgrade-motif redhat-upgrade-motif-debuginfo redhat-upgrade-motif-debugsource redhat-upgrade-motif-devel redhat-upgrade-motif-devel-debuginfo redhat-upgrade-motif-static
References:
  CVE-2023-43788
  RHSA-2024:2146
  RHSA-2024:2217
  RHSA-2024:2974
  RHSA-2024:3022
-
Red Hat: CVE-2023-39189: kernel: netfilter: nftables out-of-bounds read in nf_osf_match_one() (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:P)
Published: 10/09/2023
Created: 05/24/2024
Added: 05/23/2024
Modified: 12/05/2024
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): redhat-upgrade-kernel redhat-upgrade-kernel-rt
References:
  CVE-2023-39189
  RHSA-2024:2394
  RHSA-2024:2950
  RHSA-2024:3138