All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2023-3866): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/23/2025 Description It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2023-20569) It was discovered that the IPv6 RPL protocol implementation in the Linux kernel did not properly handle user-supplied data. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-2156) Davide Ornaghi discovered that the DECnet network protocol implementation in the Linux kernel contained a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Please note that kernel support for the DECnet has been removed to resolve this CVE. (CVE-2023-3338) Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate command payload size, leading to an out-of-bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38432) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). 
(CVE-2023-3863) Laurence Wit discovered that the KSMBD implementation in the Linux kernel did not properly validate a buffer size in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-3865) Laurence Wit discovered that the KSMBD implementation in the Linux kernel contained a null pointer dereference vulnerability when handling chained requests. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-3866) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-4132) Andy Nguyen discovered that the KVM implementation for AMD processors in the Linux kernel with Secure Encrypted Virtualization (SEV) contained a race condition when accessing the GHCB page. A local attacker in a SEV guest VM could possibly use this to cause a denial of service (host system crash). (CVE-2023-4155) It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-4194) Maxim Suhanov discovered that the exFAT file system implementation in the Linux kernel did not properly check a file name length, leading to an out-of-bounds write vulnerability. An attacker could use this to construct a malicious exFAT image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2023-4273) Thelford Williams discovered that the Ceph file system messenger protocol implementation in the Linux kernel did not properly validate frame segment length in certain situations, leading to a buffer overflow vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-44466) Solution(s) ubuntu-upgrade-linux-image-5-15-0-1030-gkeop ubuntu-upgrade-linux-image-5-15-0-1037-nvidia ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1040-ibm ubuntu-upgrade-linux-image-5-15-0-1040-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1044-gcp ubuntu-upgrade-linux-image-5-15-0-1044-gke ubuntu-upgrade-linux-image-5-15-0-1044-kvm ubuntu-upgrade-linux-image-5-15-0-1045-oracle ubuntu-upgrade-linux-image-5-15-0-1047-aws ubuntu-upgrade-linux-image-5-15-0-1049-azure ubuntu-upgrade-linux-image-5-15-0-1049-azure-fde ubuntu-upgrade-linux-image-5-15-0-86-generic ubuntu-upgrade-linux-image-5-15-0-86-generic-64k ubuntu-upgrade-linux-image-5-15-0-86-generic-lpae ubuntu-upgrade-linux-image-5-15-0-86-lowlatency ubuntu-upgrade-linux-image-5-15-0-86-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1008-starfive ubuntu-upgrade-linux-image-6-2-0-1009-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1015-aws ubuntu-upgrade-linux-image-6-2-0-1015-oracle ubuntu-upgrade-linux-image-6-2-0-1016-azure ubuntu-upgrade-linux-image-6-2-0-1016-azure-fde ubuntu-upgrade-linux-image-6-2-0-1016-kvm ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1016-raspi ubuntu-upgrade-linux-image-6-2-0-1018-gcp ubuntu-upgrade-linux-image-6-2-0-36-generic ubuntu-upgrade-linux-image-6-2-0-36-generic-64k ubuntu-upgrade-linux-image-6-2-0-36-generic-lpae ubuntu-upgrade-linux-image-aws 
ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References 
https://attackerkb.com/topics/cve-2023-3866 CVE - 2023-3866 USN-6416-1 USN-6416-2 USN-6416-3 USN-6445-1 USN-6445-2 USN-6464-1 USN-6466-1 USN-6520-1
  2. Amazon Linux 2023: CVE-2023-43787: Medium priority package update for libXpm (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Solution(s) amazon-linux-2023-upgrade-libx11 amazon-linux-2023-upgrade-libx11-common amazon-linux-2023-upgrade-libx11-debuginfo amazon-linux-2023-upgrade-libx11-debugsource amazon-linux-2023-upgrade-libx11-devel amazon-linux-2023-upgrade-libx11-xcb amazon-linux-2023-upgrade-libx11-xcb-debuginfo amazon-linux-2023-upgrade-libxpm amazon-linux-2023-upgrade-libxpm-debuginfo amazon-linux-2023-upgrade-libxpm-debugsource amazon-linux-2023-upgrade-libxpm-devel amazon-linux-2023-upgrade-libxpm-devel-debuginfo References https://attackerkb.com/topics/cve-2023-43787 CVE - 2023-43787 https://alas.aws.amazon.com/AL2023/ALAS-2023-382.html https://alas.aws.amazon.com/AL2023/ALAS-2023-383.html
  3. Rocky Linux: CVE-2023-43804: python3.11-urllib3 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 10/04/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/30/2025 Description urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. Solution(s) rocky-upgrade-cython-debugsource rocky-upgrade-numpy-debugsource rocky-upgrade-python-cffi-debugsource rocky-upgrade-python-cryptography-debugsource rocky-upgrade-python-lxml-debugsource rocky-upgrade-python-psutil-debugsource rocky-upgrade-python-psycopg2-debugsource rocky-upgrade-python39-cffi rocky-upgrade-python39-cffi-debuginfo rocky-upgrade-python39-cryptography rocky-upgrade-python39-cryptography-debuginfo rocky-upgrade-python39-cython rocky-upgrade-python39-cython-debuginfo rocky-upgrade-python39-lxml rocky-upgrade-python39-lxml-debuginfo rocky-upgrade-python39-mod_wsgi rocky-upgrade-python39-numpy rocky-upgrade-python39-numpy-debuginfo rocky-upgrade-python39-numpy-f2py rocky-upgrade-python39-psutil rocky-upgrade-python39-psutil-debuginfo rocky-upgrade-python39-psycopg2 rocky-upgrade-python39-psycopg2-debuginfo rocky-upgrade-python39-psycopg2-doc rocky-upgrade-python39-psycopg2-tests rocky-upgrade-python39-pybind11 rocky-upgrade-python39-pybind11-devel rocky-upgrade-python39-pyyaml rocky-upgrade-python39-pyyaml-debuginfo rocky-upgrade-python39-scipy rocky-upgrade-python39-scipy-debuginfo rocky-upgrade-pyyaml-debugsource rocky-upgrade-scipy-debugsource References https://attackerkb.com/topics/cve-2023-43804 CVE - 2023-43804 https://errata.rockylinux.org/RLSA-2024:2985 
https://errata.rockylinux.org/RLSA-2024:2986
  4. Ubuntu: USN-6410-1 (CVE-2023-4692): GRUB2 vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/04/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Solution(s) ubuntu-upgrade-grub-efi-amd64 ubuntu-upgrade-grub-efi-amd64-bin ubuntu-upgrade-grub-efi-amd64-signed ubuntu-upgrade-grub-efi-arm64 ubuntu-upgrade-grub-efi-arm64-bin ubuntu-upgrade-grub-efi-arm64-signed References https://attackerkb.com/topics/cve-2023-4692 CVE - 2023-4692 USN-6410-1
  5. Ubuntu: (Multiple Advisories) (CVE-2023-43804): urllib3 vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 10/04/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. Solution(s) ubuntu-pro-upgrade-python-pip ubuntu-pro-upgrade-python-pip-whl ubuntu-pro-upgrade-python-urllib3 ubuntu-pro-upgrade-python3-pip ubuntu-pro-upgrade-python3-pip-whl ubuntu-pro-upgrade-python3-urllib3 References https://attackerkb.com/topics/cve-2023-43804 CVE - 2023-43804 USN-6473-1 USN-6473-2
  6. Ubuntu: (CVE-2023-3153): ovn vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/04/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. Solution(s) ubuntu-upgrade-ovn References https://attackerkb.com/topics/cve-2023-3153 CVE - 2023-3153 https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html https://www.cve.org/CVERecord?id=CVE-2023-3153
  7. SUSE: CVE-2023-43785: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/04/2023 Created 10/05/2023 Added 10/05/2023 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) suse-upgrade-libx11-6 suse-upgrade-libx11-6-32bit suse-upgrade-libx11-data suse-upgrade-libx11-devel suse-upgrade-libx11-devel-32bit suse-upgrade-libx11-xcb1 suse-upgrade-libx11-xcb1-32bit References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785
  8. Ubuntu: USN-6411-1 (CVE-2023-42116): Exim vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2023 Created 10/06/2023 Added 10/06/2023 Modified 11/15/2024 Description Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17515. Solution(s) ubuntu-pro-upgrade-exim4 ubuntu-pro-upgrade-exim4-base ubuntu-pro-upgrade-exim4-daemon-heavy ubuntu-pro-upgrade-exim4-daemon-light ubuntu-pro-upgrade-eximon4 References https://attackerkb.com/topics/cve-2023-42116 CVE - 2023-42116 USN-6411-1
  9. Amazon Linux 2023: CVE-2023-43785: Medium priority package update for libX11 Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) amazon-linux-2023-upgrade-libx11 amazon-linux-2023-upgrade-libx11-common amazon-linux-2023-upgrade-libx11-debuginfo amazon-linux-2023-upgrade-libx11-debugsource amazon-linux-2023-upgrade-libx11-devel amazon-linux-2023-upgrade-libx11-xcb amazon-linux-2023-upgrade-libx11-xcb-debuginfo References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785 https://alas.aws.amazon.com/AL2023/ALAS-2023-383.html
  10. Gentoo Linux: CVE-2023-5371: Wireshark: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/04/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file Solution(s) gentoo-linux-upgrade-net-analyzer-wireshark References https://attackerkb.com/topics/cve-2023-5371 CVE - 2023-5371 202402-09
  11. Amazon Linux 2023: CVE-2023-43789: Medium priority package update for libXpm Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 10/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Solution(s) amazon-linux-2023-upgrade-libxpm amazon-linux-2023-upgrade-libxpm-debuginfo amazon-linux-2023-upgrade-libxpm-debugsource amazon-linux-2023-upgrade-libxpm-devel amazon-linux-2023-upgrade-libxpm-devel-debuginfo References https://attackerkb.com/topics/cve-2023-43789 CVE - 2023-43789 https://alas.aws.amazon.com/AL2023/ALAS-2023-382.html
  12. SUSE: CVE-2023-5371: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/04/2023 Created 10/17/2023 Added 10/17/2023 Modified 01/28/2025 Description RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-5371 CVE - 2023-5371
  13. Amazon Linux 2023: CVE-2023-5371: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file A memory leak flaw was found in Wireshark's RTPS dissector. This issue may cause an application crash via packet injection or crafted capture file. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-5371 CVE - 2023-5371 https://alas.aws.amazon.com/AL2023/ALAS-2023-405.html
  14. Alpine Linux: CVE-2023-43804: Exposure of Sensitive Information to an Unauthorized Actor Severity 7 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:N) Published 10/04/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. Solution(s) alpine-linux-upgrade-py3-urllib3 References https://attackerkb.com/topics/cve-2023-43804 CVE - 2023-43804 https://security.alpinelinux.org/vuln/CVE-2023-43804
  15. Ubuntu: USN-6411-1 (CVE-2023-42115): Exim vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/04/2023 Created 10/06/2023 Added 10/06/2023 Modified 10/23/2024 Description Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434. Solution(s) ubuntu-upgrade-exim4 ubuntu-upgrade-exim4-base ubuntu-upgrade-exim4-daemon-heavy ubuntu-upgrade-exim4-daemon-light ubuntu-upgrade-eximon4 References https://attackerkb.com/topics/cve-2023-42115 CVE - 2023-42115 USN-6411-1
  16. Oracle Linux: CVE-2023-4692: ELSA-2024-2456:grub2 security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 10/03/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Solution(s) oracle-linux-upgrade-grub2-common oracle-linux-upgrade-grub2-efi-aa64 oracle-linux-upgrade-grub2-efi-aa64-cdboot oracle-linux-upgrade-grub2-efi-aa64-modules oracle-linux-upgrade-grub2-efi-ia32 oracle-linux-upgrade-grub2-efi-ia32-cdboot oracle-linux-upgrade-grub2-efi-ia32-modules oracle-linux-upgrade-grub2-efi-x64 oracle-linux-upgrade-grub2-efi-x64-cdboot oracle-linux-upgrade-grub2-efi-x64-modules oracle-linux-upgrade-grub2-pc oracle-linux-upgrade-grub2-pc-modules oracle-linux-upgrade-grub2-tools oracle-linux-upgrade-grub2-tools-efi oracle-linux-upgrade-grub2-tools-extra oracle-linux-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2023-4692 CVE - 2023-4692 ELSA-2024-2456 ELSA-2024-3184
  17. Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables) Disclosed 10/03/2023 Created 12/20/2023 Description A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue allows a local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This module targets glibc packaged on Ubuntu and Debian. The specific glibc versions this module targets are: Ubuntu: 2.35-0ubuntu3.4 > 2.35 2.37-0ubuntu2.1 > 2.37 2.38-1ubuntu6 > 2.38 Debian: 2.31-13-deb11u7 > 2.31 2.36-9-deb12u3 > 2.36 Fedora 37 and 38 and other distributions of Linux also come packaged with versions of glibc vulnerable to CVE-2023-4911; however, this module does not target them. Author(s) Qualys Threat Research Unit blasty <[email protected]> jheysel-r7 Platform Linux,Unix Architectures x86, x64
  18. Huawei EulerOS: CVE-2023-4911: glibc security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Solution(s) huawei-euleros-2_0_sp11-upgrade-glibc huawei-euleros-2_0_sp11-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp11-upgrade-glibc-common huawei-euleros-2_0_sp11-upgrade-glibc-locale-archive huawei-euleros-2_0_sp11-upgrade-glibc-locale-source huawei-euleros-2_0_sp11-upgrade-libnsl huawei-euleros-2_0_sp11-upgrade-nscd References https://attackerkb.com/topics/cve-2023-4911 CVE - 2023-4911 EulerOS-SA-2023-3269
  19. VMware Photon OS: CVE-2023-4911 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4911 CVE - 2023-4911
  20. VMware Photon OS: CVE-2023-5345 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5345 CVE - 2023-5345
  21. Debian: CVE-2023-4911: glibc -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 10/05/2023 Added 10/05/2023 Modified 01/30/2025 Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Solution(s) debian-upgrade-glibc References https://attackerkb.com/topics/cve-2023-4911 CVE - 2023-4911 DSA-5514-1
  22. CentOS Linux: CVE-2023-4911: Important: glibc security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Solution(s) centos-upgrade-compat-libpthread-nonshared centos-upgrade-glibc centos-upgrade-glibc-all-langpacks centos-upgrade-glibc-all-langpacks-debuginfo centos-upgrade-glibc-benchtests-debuginfo centos-upgrade-glibc-common centos-upgrade-glibc-common-debuginfo centos-upgrade-glibc-debuginfo centos-upgrade-glibc-debugsource centos-upgrade-glibc-devel centos-upgrade-glibc-doc centos-upgrade-glibc-gconv-extra centos-upgrade-glibc-gconv-extra-debuginfo centos-upgrade-glibc-headers centos-upgrade-glibc-langpack-aa centos-upgrade-glibc-langpack-af centos-upgrade-glibc-langpack-agr centos-upgrade-glibc-langpack-ak centos-upgrade-glibc-langpack-am centos-upgrade-glibc-langpack-an centos-upgrade-glibc-langpack-anp centos-upgrade-glibc-langpack-ar centos-upgrade-glibc-langpack-as centos-upgrade-glibc-langpack-ast centos-upgrade-glibc-langpack-ayc centos-upgrade-glibc-langpack-az centos-upgrade-glibc-langpack-be centos-upgrade-glibc-langpack-bem centos-upgrade-glibc-langpack-ber centos-upgrade-glibc-langpack-bg centos-upgrade-glibc-langpack-bhb centos-upgrade-glibc-langpack-bho centos-upgrade-glibc-langpack-bi centos-upgrade-glibc-langpack-bn centos-upgrade-glibc-langpack-bo centos-upgrade-glibc-langpack-br centos-upgrade-glibc-langpack-brx centos-upgrade-glibc-langpack-bs centos-upgrade-glibc-langpack-byn centos-upgrade-glibc-langpack-ca centos-upgrade-glibc-langpack-ce centos-upgrade-glibc-langpack-chr 
centos-upgrade-glibc-langpack-ckb centos-upgrade-glibc-langpack-cmn centos-upgrade-glibc-langpack-crh centos-upgrade-glibc-langpack-cs centos-upgrade-glibc-langpack-csb centos-upgrade-glibc-langpack-cv centos-upgrade-glibc-langpack-cy centos-upgrade-glibc-langpack-da centos-upgrade-glibc-langpack-de centos-upgrade-glibc-langpack-doi centos-upgrade-glibc-langpack-dsb centos-upgrade-glibc-langpack-dv centos-upgrade-glibc-langpack-dz centos-upgrade-glibc-langpack-el centos-upgrade-glibc-langpack-en centos-upgrade-glibc-langpack-eo centos-upgrade-glibc-langpack-es centos-upgrade-glibc-langpack-et centos-upgrade-glibc-langpack-eu centos-upgrade-glibc-langpack-fa centos-upgrade-glibc-langpack-ff centos-upgrade-glibc-langpack-fi centos-upgrade-glibc-langpack-fil centos-upgrade-glibc-langpack-fo centos-upgrade-glibc-langpack-fr centos-upgrade-glibc-langpack-fur centos-upgrade-glibc-langpack-fy centos-upgrade-glibc-langpack-ga centos-upgrade-glibc-langpack-gd centos-upgrade-glibc-langpack-gez centos-upgrade-glibc-langpack-gl centos-upgrade-glibc-langpack-gu centos-upgrade-glibc-langpack-gv centos-upgrade-glibc-langpack-ha centos-upgrade-glibc-langpack-hak centos-upgrade-glibc-langpack-he centos-upgrade-glibc-langpack-hi centos-upgrade-glibc-langpack-hif centos-upgrade-glibc-langpack-hne centos-upgrade-glibc-langpack-hr centos-upgrade-glibc-langpack-hsb centos-upgrade-glibc-langpack-ht centos-upgrade-glibc-langpack-hu centos-upgrade-glibc-langpack-hy centos-upgrade-glibc-langpack-ia centos-upgrade-glibc-langpack-id centos-upgrade-glibc-langpack-ig centos-upgrade-glibc-langpack-ik centos-upgrade-glibc-langpack-is centos-upgrade-glibc-langpack-it centos-upgrade-glibc-langpack-iu centos-upgrade-glibc-langpack-ja centos-upgrade-glibc-langpack-ka centos-upgrade-glibc-langpack-kab centos-upgrade-glibc-langpack-kk centos-upgrade-glibc-langpack-kl centos-upgrade-glibc-langpack-km centos-upgrade-glibc-langpack-kn centos-upgrade-glibc-langpack-ko centos-upgrade-glibc-langpack-kok 
centos-upgrade-glibc-langpack-ks centos-upgrade-glibc-langpack-ku centos-upgrade-glibc-langpack-kw centos-upgrade-glibc-langpack-ky centos-upgrade-glibc-langpack-lb centos-upgrade-glibc-langpack-lg centos-upgrade-glibc-langpack-li centos-upgrade-glibc-langpack-lij centos-upgrade-glibc-langpack-ln centos-upgrade-glibc-langpack-lo centos-upgrade-glibc-langpack-lt centos-upgrade-glibc-langpack-lv centos-upgrade-glibc-langpack-lzh centos-upgrade-glibc-langpack-mag centos-upgrade-glibc-langpack-mai centos-upgrade-glibc-langpack-mfe centos-upgrade-glibc-langpack-mg centos-upgrade-glibc-langpack-mhr centos-upgrade-glibc-langpack-mi centos-upgrade-glibc-langpack-miq centos-upgrade-glibc-langpack-mjw centos-upgrade-glibc-langpack-mk centos-upgrade-glibc-langpack-ml centos-upgrade-glibc-langpack-mn centos-upgrade-glibc-langpack-mni centos-upgrade-glibc-langpack-mnw centos-upgrade-glibc-langpack-mr centos-upgrade-glibc-langpack-ms centos-upgrade-glibc-langpack-mt centos-upgrade-glibc-langpack-my centos-upgrade-glibc-langpack-nan centos-upgrade-glibc-langpack-nb centos-upgrade-glibc-langpack-nds centos-upgrade-glibc-langpack-ne centos-upgrade-glibc-langpack-nhn centos-upgrade-glibc-langpack-niu centos-upgrade-glibc-langpack-nl centos-upgrade-glibc-langpack-nn centos-upgrade-glibc-langpack-nr centos-upgrade-glibc-langpack-nso centos-upgrade-glibc-langpack-oc centos-upgrade-glibc-langpack-om centos-upgrade-glibc-langpack-or centos-upgrade-glibc-langpack-os centos-upgrade-glibc-langpack-pa centos-upgrade-glibc-langpack-pap centos-upgrade-glibc-langpack-pl centos-upgrade-glibc-langpack-ps centos-upgrade-glibc-langpack-pt centos-upgrade-glibc-langpack-quz centos-upgrade-glibc-langpack-raj centos-upgrade-glibc-langpack-ro centos-upgrade-glibc-langpack-ru centos-upgrade-glibc-langpack-rw centos-upgrade-glibc-langpack-sa centos-upgrade-glibc-langpack-sah centos-upgrade-glibc-langpack-sat centos-upgrade-glibc-langpack-sc centos-upgrade-glibc-langpack-sd centos-upgrade-glibc-langpack-se 
centos-upgrade-glibc-langpack-sgs centos-upgrade-glibc-langpack-shn centos-upgrade-glibc-langpack-shs centos-upgrade-glibc-langpack-si centos-upgrade-glibc-langpack-sid centos-upgrade-glibc-langpack-sk centos-upgrade-glibc-langpack-sl centos-upgrade-glibc-langpack-sm centos-upgrade-glibc-langpack-so centos-upgrade-glibc-langpack-sq centos-upgrade-glibc-langpack-sr centos-upgrade-glibc-langpack-ss centos-upgrade-glibc-langpack-st centos-upgrade-glibc-langpack-sv centos-upgrade-glibc-langpack-sw centos-upgrade-glibc-langpack-szl centos-upgrade-glibc-langpack-ta centos-upgrade-glibc-langpack-tcy centos-upgrade-glibc-langpack-te centos-upgrade-glibc-langpack-tg centos-upgrade-glibc-langpack-th centos-upgrade-glibc-langpack-the centos-upgrade-glibc-langpack-ti centos-upgrade-glibc-langpack-tig centos-upgrade-glibc-langpack-tk centos-upgrade-glibc-langpack-tl centos-upgrade-glibc-langpack-tn centos-upgrade-glibc-langpack-to centos-upgrade-glibc-langpack-tpi centos-upgrade-glibc-langpack-tr centos-upgrade-glibc-langpack-ts centos-upgrade-glibc-langpack-tt centos-upgrade-glibc-langpack-ug centos-upgrade-glibc-langpack-uk centos-upgrade-glibc-langpack-unm centos-upgrade-glibc-langpack-ur centos-upgrade-glibc-langpack-uz centos-upgrade-glibc-langpack-ve centos-upgrade-glibc-langpack-vi centos-upgrade-glibc-langpack-wa centos-upgrade-glibc-langpack-wae centos-upgrade-glibc-langpack-wal centos-upgrade-glibc-langpack-wo centos-upgrade-glibc-langpack-xh centos-upgrade-glibc-langpack-yi centos-upgrade-glibc-langpack-yo centos-upgrade-glibc-langpack-yue centos-upgrade-glibc-langpack-yuw centos-upgrade-glibc-langpack-zh centos-upgrade-glibc-langpack-zu centos-upgrade-glibc-locale-source centos-upgrade-glibc-minimal-langpack centos-upgrade-glibc-utils centos-upgrade-glibc-utils-debuginfo centos-upgrade-libnsl centos-upgrade-libnsl-debuginfo centos-upgrade-nscd centos-upgrade-nscd-debuginfo centos-upgrade-nss_db centos-upgrade-nss_db-debuginfo centos-upgrade-nss_hesiod-debuginfo 
References CVE-2023-4911
  23. Debian: CVE-2023-5345: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL, which could lead to a double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-5345 CVE - 2023-5345
  24. Debian: CVE-2023-4732: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 10/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A flaw was found in pfn_swap_entry_to_page in the memory management subsystem of the Linux kernel. An attacker with local user privileges may cause a denial of service due to a BUG statement referencing pmd_t x. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-4732 CVE - 2023-4732
  25. SUSE: CVE-2023-5345: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/03/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL, which could lead to a double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default
suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-5345 CVE - 2023-5345