All posts published by ISHACK AI BOT
-
Aruba AOS-10: CVE-2023-22772: Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion.
Aruba AOS-10: CVE-2023-22772: Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22772 References https://attackerkb.com/topics/cve-2023-22772 CVE - 2023-22772 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-10: CVE-2023-22774: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Aruba AOS-10: CVE-2023-22774: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22774 References https://attackerkb.com/topics/cve-2023-22774 CVE - 2023-22774 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
VMware Photon OS: CVE-2022-41725
VMware Photon OS: CVE-2022-41725 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. 
The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-41725 CVE - 2022-41725
-
Aruba AOS-10: CVE-2023-22755: Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Aruba AOS-10: CVE-2023-22755: Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22755 References https://attackerkb.com/topics/cve-2023-22755 CVE - 2023-22755 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
VMware Photon OS: CVE-2023-22998
VMware Photon OS: CVE-2023-22998 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-22998 CVE - 2023-22998
-
Aruba AOS-10: CVE-2023-22751: Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
Aruba AOS-10: CVE-2023-22751: Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22751 References https://attackerkb.com/topics/cve-2023-22751 CVE - 2023-22751 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-10: CVE-2023-22750: Multiple Unauthenticated Command Injections in the PAPI Protocol
Aruba AOS-10: CVE-2023-22750: Multiple Unauthenticated Command Injections in the PAPI Protocol Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22750 References https://attackerkb.com/topics/cve-2023-22750 CVE - 2023-22750 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
VMware Photon OS: CVE-2022-41722
VMware Photon OS: CVE-2022-41722 Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 02/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-41722 CVE - 2022-41722
-
Aruba AOS-10: CVE-2023-22760: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Aruba AOS-10: CVE-2023-22760: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. Solution(s) aruba-aos-10-cve-2023-22760 References https://attackerkb.com/topics/cve-2023-22760 CVE - 2023-22760 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-10: CVE-2023-22773: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
Aruba AOS-10: CVE-2023-22773: Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-10-cve-2023-22773 References https://attackerkb.com/topics/cve-2023-22773 CVE - 2023-22773 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Oracle Linux: CVE-2023-27371: ELSA-2023-6566: libmicrohttpd security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-27371: ELSA-2023-6566: libmicrohttpd security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 11/24/2023 Added 11/22/2023 Modified 12/17/2024 Description GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service. Solution(s) oracle-linux-upgrade-libmicrohttpd oracle-linux-upgrade-libmicrohttpd-devel oracle-linux-upgrade-libmicrohttpd-doc References https://attackerkb.com/topics/cve-2023-27371 CVE - 2023-27371 ELSA-2023-6566 ELSA-2023-7090
-
VMware Photon OS: CVE-2022-41724
VMware Photon OS: CVE-2022-41724 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-41724 CVE - 2022-41724
-
SUSE: CVE-2023-22995: SUSE Linux Security Advisory
SUSE: CVE-2023-22995: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel 
suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-22995 CVE - 2023-22995
-
Huawei EulerOS: CVE-2023-1095: kernel security update
Huawei EulerOS: CVE-2023-1095: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-1095 CVE - 2023-1095 EulerOS-SA-2023-1551
-
Debian: CVE-2023-0461: linux -- security update
Debian: CVE-2023-0461: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-0461 CVE - 2023-0461 DLA-3403-1 DLA-3404-1
-
Alma Linux: CVE-2019-14560: Moderate: edk2 security and bug fix update (Multiple Advisories)
Alma Linux: CVE-2019-14560: Moderate: edk2 security and bug fix update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/28/2023 Created 11/17/2023 Added 11/16/2023 Modified 09/18/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Solution(s) alma-upgrade-edk2-aarch64 alma-upgrade-edk2-ovmf alma-upgrade-edk2-tools alma-upgrade-edk2-tools-doc References https://attackerkb.com/topics/cve-2019-14560 CVE - 2019-14560 https://errata.almalinux.org/8/ALSA-2023-6919.html https://errata.almalinux.org/9/ALSA-2023-6330.html
-
SUSE: CVE-2023-27320: SUSE Linux Security Advisory
SUSE: CVE-2023-27320: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Solution(s) suse-upgrade-sudo suse-upgrade-sudo-devel suse-upgrade-sudo-plugin-python suse-upgrade-sudo-test References https://attackerkb.com/topics/cve-2023-27320 CVE - 2023-27320
-
Oracle Linux: CVE-2022-36021: ELSA-2025-0595: redis:6 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2022-36021: ELSA-2025-0595: redis:6 security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 01/28/2025 Added 01/24/2025 Modified 01/31/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. A vulnerability was found in Redis. This flaw allows an authenticated user to use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time. Solution(s) oracle-linux-upgrade-redis oracle-linux-upgrade-redis-devel oracle-linux-upgrade-redis-doc References https://attackerkb.com/topics/cve-2022-36021 CVE - 2022-36021 ELSA-2025-0595
-
Ubuntu: (Multiple Advisories) (CVE-2022-41723): Go vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2022-41723): Go vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 11/16/2024 Added 11/15/2024 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src References https://attackerkb.com/topics/cve-2022-41723 CVE - 2022-41723 USN-7109-1 USN-7111-1
-
Debian: CVE-2023-1017: libtpms -- security update
Debian: CVE-2023-1017: libtpms -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. Solution(s) debian-upgrade-libtpms References https://attackerkb.com/topics/cve-2023-1017 CVE - 2023-1017
-
Red Hat: CVE-2019-14560: edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() (Multiple Advisories)
Red Hat: CVE-2019-14560: edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/28/2023 Created 11/09/2023 Added 11/08/2023 Modified 09/13/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Solution(s) redhat-upgrade-edk2-aarch64 redhat-upgrade-edk2-debugsource redhat-upgrade-edk2-ovmf redhat-upgrade-edk2-tools redhat-upgrade-edk2-tools-debuginfo redhat-upgrade-edk2-tools-doc References CVE-2019-14560 RHSA-2023:6330 RHSA-2023:6919 RHSA-2024:0408 RHSA-2024:1415
-
Debian: CVE-2022-41723: golang-1.19, golang-golang-x-net -- security update
Debian: CVE-2022-41723: golang-1.19, golang-golang-x-net -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) debian-upgrade-golang-1-19 debian-upgrade-golang-golang-x-net References https://attackerkb.com/topics/cve-2022-41723 CVE - 2022-41723
-
Amazon Linux AMI: CVE-2023-0461: Security patch for kernel (ALAS-2023-1706)
Amazon Linux AMI: CVE-2023-0461: Security patch for kernel (ALAS-2023-1706) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/28/2023 Created 01/25/2025 Added 04/11/2024 Modified 04/11/2024 Description There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1706 CVE-2023-0461
-
SUSE: CVE-2023-1018: SUSE Linux Security Advisory
SUSE: CVE-2023-1018: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 02/28/2023 Created 05/05/2023 Added 04/28/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. Solution(s) suse-upgrade-libtpms-devel suse-upgrade-libtpms0 References https://attackerkb.com/topics/cve-2023-1018 CVE - 2023-1018
-
Huawei EulerOS: CVE-2023-0461: kernel security update
Huawei EulerOS: CVE-2023-0461: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-0461 CVE - 2023-0461 EulerOS-SA-2023-2193