ISHACK AI BOT

Microsoft Windows: CVE-2023-32009: Windows Collaborative Translation Framework Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/07/2024 Description Windows Collaborative Translation Framework Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5027219 microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2016-1607-kb5027219 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 References https://attackerkb.com/topics/cve-2023-32009 CVE - 2023-32009 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027219 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027231 View more

Microsoft CVE-2023-33133: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/15/2023 Description Microsoft CVE-2023-33133: Microsoft Excel Remote Code Execution Vulnerability Solution(s) msft-kb5002401-dcc5af00-dd02-4a1e-b432-6642f72326af msft-kb5002414-2e2a2258-68ba-4fbb-a76b-9757a473cffd msft-kb5002414-4906e766-4086-4f4b-91d9-9ded7eac4d84 References https://attackerkb.com/topics/cve-2023-33133 CVE - 2023-33133 5002401 5002405 5002414

Microsoft Windows: CVE-2023-32010: Windows Bus Filter Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 05/14/2024 Description Windows Bus Filter Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5027231 References https://attackerkb.com/topics/cve-2023-32010 CVE - 2023-32010 https://support.microsoft.com/help/5027231

Microsoft Windows: CVE-2023-32015: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 09/06/2024 Description Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5027230 microsoft-windows-windows_10-1607-kb5027219 microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2012-kb5027281 microsoft-windows-windows_server_2012_r2-kb5027282 microsoft-windows-windows_server_2016-1607-kb5027219 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 msft-kb5027256-217a6141-d7e5-4eb3-bae3-fa31c30edc73 msft-kb5027277-121b55ee-2a81-4d6b-84ae-8d5ea84777fe msft-kb5027277-e5a5cbd0-acc8-43e0-964a-35aaad2f36a7 References https://attackerkb.com/topics/cve-2023-32015 CVE - 2023-32015 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027219 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027230 https://support.microsoft.com/help/5027231 https://support.microsoft.com/help/5027271 https://support.microsoft.com/help/5027281 https://support.microsoft.com/help/5027282 View more

Microsoft Edge Chromium: CVE-2023-3217 Use after free in WebXR Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-3217 CVE - 2023-3217 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3217

Fortinet FortiOS: Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-2023-33305) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/13/2023 Created 06/27/2023 Added 06/26/2023 Modified 01/30/2025 Description A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions,FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests. Solution(s) fortios-upgrade-latest References https://attackerkb.com/topics/cve-2023-33305 CVE - 2023-33305 https://fortiguard.com/psirt/FG-IR-22-375

Microsoft CVE-2023-32031: Microsoft Exchange Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/30/2023 Description Deprecated Solution(s)

Microsoft CVE-2023-28310: Microsoft Exchange Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/30/2023 Description Deprecated Solution(s)

Microsoft CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/20/2023 Description Microsoft CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Solution(s) msft-kb5027108-c3d2aaea-249d-4639-9ca2-72d398e5fab6 msft-kb5027109-021f51f2-e4b4-41f6-8203-d09db117d480 msft-kb5027110-12f3452f-ffd8-47dd-9bad-4a9200b7f07a msft-kb5027111-73169ef9-9bf0-400e-9ff4-32b91f9dddd0 msft-kb5027112-e608d88d-771e-4d30-98dd-69f2b4d631e5 msft-kb5027113-13dce6e5-1341-4b17-ae77-c7c71c7d86bf msft-kb5027113-2312d0e2-df18-4b2d-af7e-df41d120d82d msft-kb5027113-5cbb99b6-b376-4b2b-b6c3-533c80639d48 msft-kb5027117-59b55099-a338-4646-8bf0-56db76ab3077 msft-kb5027117-5bb35fe1-89fd-456b-a09a-245d55cecee0 msft-kb5027117-899600b2-7636-4758-b9a3-353f54d52373 msft-kb5027117-bc960760-8334-4471-962d-b2683794a1c6 msft-kb5027119-30c3a269-d750-4782-8b9c-7cf1d51738cb msft-kb5027121-91bb57d0-39ad-4710-8cdd-0f55473f6884 msft-kb5027122-3f6275f2-bca0-468b-ae27-d2e9cbd1409e msft-kb5027122-7743573f-3f05-4b58-aed4-7d8eb5bd0599 msft-kb5027122-9182c97b-7543-44e5-a7a8-265e06505a16 msft-kb5027122-cd149e9d-bac2-4725-92a1-e5abd91d579b msft-kb5027123-0b8ef3c7-e221-4e25-8e31-a053bd99519f msft-kb5027123-88be53f9-f605-408d-9e89-3ccce71a96f2 msft-kb5027123-ab03ae8a-8d5f-4197-b8c3-9211fa702834 msft-kb5027124-37ea2d6b-9016-4b35-8da7-b238a0b1ca89 msft-kb5027124-8fe3d0bd-a56d-4051-ace5-672e61669d58 msft-kb5027124-bb7f2723-fa53-4e2c-a587-b4cad8cab182 msft-kb5027125-88bd12f2-3125-42ec-b171-5e7a8a9480a0 msft-kb5027126-2113428a-0f30-45f5-8f1f-d30c14b5f9a3 msft-kb5027127-e552c0b9-30eb-429a-969e-ae6e2eead5d4 msft-kb5027127-fb7a0e19-3154-48ed-be7a-5754c1005e01 msft-kb5027128-198c9628-d9e1-442e-bef7-6f609877cf07 msft-kb5027129-3b08f00a-8b60-43b2-8192-36645c9762ac msft-kb5027131-11a4c22e-02fd-46b0-adeb-25ad7831aea9 msft-kb5027131-1d8d8031-d7f3-4d96-b2ba-555764fe8182 msft-kb5027131-65921cb7-1b57-49bd-8dc1-ce674d5bd43a msft-kb5027132-01d1959c-2de7-4fff-8dd4-cc6275f3238d msft-kb5027133-5aab5f15-84d0-47e8-84aa-32e5080ed191 msft-kb5027134-216c29c3-5733-4bdd-ba34-e3be149c0e48 msft-kb5027134-595342db-7d13-40e4-86dc-3e69097227ae msft-kb5027134-aa08f5f1-d0f8-40f5-8377-28e38c4c2068 msft-kb5027230-3f6ad596-36ab-4c78-a041-2b28af5404ac msft-kb5027230-cf798feb-ebf9-403d-ad8d-8754cb6d62c5 References https://attackerkb.com/topics/cve-2023-24897 CVE - 2023-24897 5025792 5026610 5027108 5027109 5027110 5027111 5027112 5027113 5027117 5027118 5027119 5027121 5027122 5027123 5027124 5027125 5027126 5027127 5027128 5027129 5027131 5027132 5027133 5027134 5027219 5027230 5027531 5027532 5027533 5027534 5027536 5027537 5027538 5027539 5027540 5027541 5027542 5027543 5027544 5027797 5027798 View more

Microsoft CVE-2023-24895: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/20/2023 Description Microsoft CVE-2023-24895: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Solution(s) msft-kb5027107-1eaea069-864f-4ec5-9a6e-9879cabc9aa3 msft-kb5027108-c3d2aaea-249d-4639-9ca2-72d398e5fab6 msft-kb5027109-021f51f2-e4b4-41f6-8203-d09db117d480 msft-kb5027110-12f3452f-ffd8-47dd-9bad-4a9200b7f07a msft-kb5027111-73169ef9-9bf0-400e-9ff4-32b91f9dddd0 msft-kb5027112-e608d88d-771e-4d30-98dd-69f2b4d631e5 msft-kb5027113-13dce6e5-1341-4b17-ae77-c7c71c7d86bf msft-kb5027113-2312d0e2-df18-4b2d-af7e-df41d120d82d msft-kb5027113-5cbb99b6-b376-4b2b-b6c3-533c80639d48 msft-kb5027114-118fdc46-de8d-45f7-b7f7-1ba2b364fd73 msft-kb5027114-47baeabc-efa6-4aa2-859e-6db33df0f4e5 msft-kb5027115-7ee2a955-10ad-479c-a410-d35c59e7eb01 msft-kb5027116-650e20d6-4b0d-40b4-a32b-ace58d928845 msft-kb5027117-59b55099-a338-4646-8bf0-56db76ab3077 msft-kb5027117-5bb35fe1-89fd-456b-a09a-245d55cecee0 msft-kb5027117-899600b2-7636-4758-b9a3-353f54d52373 msft-kb5027117-bc960760-8334-4471-962d-b2683794a1c6 msft-kb5027119-30c3a269-d750-4782-8b9c-7cf1d51738cb msft-kb5027121-91bb57d0-39ad-4710-8cdd-0f55473f6884 msft-kb5027122-3f6275f2-bca0-468b-ae27-d2e9cbd1409e msft-kb5027122-7743573f-3f05-4b58-aed4-7d8eb5bd0599 msft-kb5027122-9182c97b-7543-44e5-a7a8-265e06505a16 msft-kb5027122-cd149e9d-bac2-4725-92a1-e5abd91d579b msft-kb5027123-0b8ef3c7-e221-4e25-8e31-a053bd99519f msft-kb5027123-88be53f9-f605-408d-9e89-3ccce71a96f2 msft-kb5027123-ab03ae8a-8d5f-4197-b8c3-9211fa702834 msft-kb5027124-37ea2d6b-9016-4b35-8da7-b238a0b1ca89 msft-kb5027124-8fe3d0bd-a56d-4051-ace5-672e61669d58 msft-kb5027124-bb7f2723-fa53-4e2c-a587-b4cad8cab182 msft-kb5027125-88bd12f2-3125-42ec-b171-5e7a8a9480a0 msft-kb5027126-2113428a-0f30-45f5-8f1f-d30c14b5f9a3 msft-kb5027127-e552c0b9-30eb-429a-969e-ae6e2eead5d4 msft-kb5027127-fb7a0e19-3154-48ed-be7a-5754c1005e01 msft-kb5027128-198c9628-d9e1-442e-bef7-6f609877cf07 msft-kb5027129-3b08f00a-8b60-43b2-8192-36645c9762ac msft-kb5027131-11a4c22e-02fd-46b0-adeb-25ad7831aea9 msft-kb5027131-1d8d8031-d7f3-4d96-b2ba-555764fe8182 msft-kb5027131-65921cb7-1b57-49bd-8dc1-ce674d5bd43a msft-kb5027132-01d1959c-2de7-4fff-8dd4-cc6275f3238d msft-kb5027133-5aab5f15-84d0-47e8-84aa-32e5080ed191 msft-kb5027134-216c29c3-5733-4bdd-ba34-e3be149c0e48 msft-kb5027134-595342db-7d13-40e4-86dc-3e69097227ae msft-kb5027134-aa08f5f1-d0f8-40f5-8377-28e38c4c2068 msft-kb5027138-6a789119-f236-46de-8b9b-5e209c84dd94 msft-kb5027139-16bf4bba-9dc5-4640-82f5-425c900e1e08 msft-kb5027139-80b25d48-d4e9-437e-8386-574d80a0e7f5 msft-kb5027140-77d8edb0-69ea-44a0-b4ff-f84dc6fe4bc0 msft-kb5027141-5084b83e-612c-4ab8-a4bb-9900a00b3464 msft-kb5027230-3f6ad596-36ab-4c78-a041-2b28af5404ac msft-kb5027230-cf798feb-ebf9-403d-ad8d-8754cb6d62c5 References https://attackerkb.com/topics/cve-2023-24895 CVE - 2023-24895 5027107 5027108 5027109 5027110 5027111 5027112 5027113 5027114 5027115 5027116 5027117 5027118 5027119 5027121 5027122 5027123 5027124 5027125 5027126 5027127 5027128 5027129 5027131 5027132 5027133 5027134 5027138 5027139 5027140 5027141 5027219 5027230 5027531 5027532 5027533 5027534 5027536 5027537 5027538 5027539 5027540 5027541 5027542 5027543 5027544 5027797 5027798 View more

Microsoft Windows: CVE-2023-32018: Windows Hello Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 05/14/2024 Description Windows Hello Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5027231 References https://attackerkb.com/topics/cve-2023-32018 CVE - 2023-32018 https://support.microsoft.com/help/5027231

Huawei EulerOS: CVE-2023-3159: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 06/12/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3159 CVE - 2023-3159 EulerOS-SA-2023-2584

Huawei EulerOS: CVE-2023-3161: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161 EulerOS-SA-2023-2614

VMware Photon OS: CVE-2023-3159 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 06/12/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3159 CVE - 2023-3159

Debian: CVE-2023-34246: ruby-doorkeeper -- security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 06/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 01/28/2025 Description Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6. Solution(s) debian-upgrade-ruby-doorkeeper References https://attackerkb.com/topics/cve-2023-34246 CVE - 2023-34246 DLA-3494-1

Debian: CVE-2023-3159: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 06/12/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3159 CVE - 2023-3159

FreeBSD: VID-F7E9A1CC-0931-11EE-94B4-6CC21735F730: xmltooling -- remote resource access Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/12/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/13/2023 Description Shibboleth consortium reports: An updated version of the XMLTooling library that is part of the OpenSAML and Shibboleth Service Provider software is now available which corrects a server-side request forgery (SSRF) vulnerability. Including certain legal but "malicious in intent" content in the KeyInfo element defined by the XML Signature standard will result in attempts by the SP's shibd process to dereference untrusted URLs. While the content of the URL must be supplied within the message and does not include any SP internal state or dynamic content, there is at minimum a risk of denial of service, and the attack could be combined with others to create more serious vulnerabilities in the future. Solution(s) freebsd-upgrade-package-xmltooling

Debian: CVE-2023-3161: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161

Huawei EulerOS: CVE-2023-3159: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 06/12/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs References https://attackerkb.com/topics/cve-2023-3159 CVE - 2023-3159 EulerOS-SA-2023-2811

Ubuntu: (Multiple Advisories) (CVE-2023-3161): Linux kernel (Xilinx ZynqMP) vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 07/13/2023 Added 07/13/2023 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) ubuntu-upgrade-linux-image-4-4-0-1121-aws ubuntu-upgrade-linux-image-4-4-0-1122-kvm ubuntu-upgrade-linux-image-4-4-0-1159-aws ubuntu-upgrade-linux-image-4-4-0-243-generic ubuntu-upgrade-linux-image-4-4-0-243-lowlatency ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1024-xilinx-zynqmp ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161 USN-6222-1 USN-6254-1 USN-6256-1

Huawei EulerOS: CVE-2023-3161: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161 EulerOS-SA-2023-2811

SUSE: CVE-2023-3161: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161

Huawei EulerOS: CVE-2023-3161: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161 EulerOS-SA-2023-3132

Alma Linux: CVE-2023-3161: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/12/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3161 CVE - 2023-3161 https://errata.almalinux.org/8/ALSA-2023-7077.html

Fortinet FortiOS: Out-of-bounds Write (CVE-2023-27997) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/12/2023 Created 06/12/2023 Added 06/12/2023 Modified 10/11/2024 Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Solution(s) fortios-upgrade-6_0_17 fortios-upgrade-6_2_14 fortios-upgrade-6_4_13 fortios-upgrade-7_0_12 fortios-upgrade-7_2_5 References https://attackerkb.com/topics/cve-2023-27997 CVE - 2023-27997 https://fortiguard.com/psirt/FG-IR-23-097