From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week
Date: Thu, 16 Mar 2023 09:03:44 +0900
Message-ID: <CAODzB9qc6gzsAjfaJcu22tgEJzOtnsNE0+A5p+=FFd50+FipAA@mail.gmail.com>

Hi!

It's this week's CVE report.
This week, 6 new CVEs and 7 updated CVEs were reported.

* New CVEs

CVE-2023-1032: net: avoid double iput when sock_alloc_file fails
CVSS v3 score is not provided.
A double-free bug was found in the io_uring subsystem when handling the
IORING_OP_SOCKET operation.
This bug was introduced by commit da214a4 ("net: add
__sys_socket_file()") in 5.19-rc1. This patch is not backported to
older stable kernels, so kernels before 5.19 are not affected by this
issue.
Fixed status
mainline: [649c15c7691e9b13cbe9bf6c65c365350e056067]
stable/6.1: [7c7570791b15c3b78e3229ae97825e7eb869c7da]
stable/6.2: [cb6aedc1fd9d808d7319db2f953f4886dd46c627]

CVE-2023-1380: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
CVSS v3 score is not provided.
A slab-out-of-bounds read was found in brcmf_get_assoc_ies() in the brcmfmac driver.
It hasn't been fixed in the mainline yet, but it has been merged into
the wireless-next tree.
It looks like 4.4 will be vulnerable as well.

CVE-2023-1382: Kernel: denial of service in tipc_conn_close
CVSS v3 score is not provided.
A race condition bug was found in net/tipc/topsrv.c. This results in a
null pointer dereference and use-after-free may be triggered.
It was introduced by commit c5fa7b3 ("tipc: introduce new TIPC server
infrastructure") in 3.11-rc1.
Fixed status
mainline: [0e5d56c64afcd6fd2d132ea972605b66f8a7d3c4,
a7b42969d63f47320853a802efd879fbdc4e010e]
stable/4.19: [2c9c64a95d97727c9ada0d35abc90ee5fdbaeff7,
f46826a6fce33c3549332c3eb1fbf615dc79be18]
stable/5.10: [e87a077d09c05985a0edac7c6c49bb307f775d12,
4058e3b74ab3eabe0835cee9a0c6deda79e8a295]
stable/5.15: [4ae907c45fcad4450423b8cdefa5a74bad772068,
33fb115a76ae6683e34f76f7e07f6f0734b2525f]
stable/5.4: [30f91687fa2502abb0b4d79569b63d1381169ccf,
59f9aad22fd743572bdafa37d3e1dd5dc5658e26]

CVE-2023-1390: components for: CVE-2023-1390 kernel: remote DoS in
TIPC kernel module
CVSS v3 score is not provided.
A null pointer dereference bug was found in the tipc module. If a
remote attacker sends a malicious packet, the system will crash.
It was introduced by commit af9b028 ("tipc: make media xmit call
outside node spinlock context") in 4.3-rc1.
Fixed status
mainline: [b77413446408fdd256599daf00d5be72b5f3e7c6]
stable/4.14: [3ed0b5bb8cf71b4b9f995d4b3763648674fa032a]
stable/4.19: [4d1d3dddcb3f26000e66cd0a9b8b16f7c2eb41bb]
stable/5.10: [60b8b4e6310b7dfc551ba68e8639eeaf70a0b2dd]
stable/5.4: [56e8947bcf814d195eb4954b4821868803d3dd67]

CVE-2023-28327: kernel: denial of service problem in net/unix/diag.c
CVSS v3 score is not provided.
A null pointer dereference issue was found in the unix protocol in
net/unix/diag.c. It allows a local user to crash the system.
Introduced by commit cae9910 ("net: Add UNIX_DIAG_UID to Netlink UNIX
socket diagnostics.") in 5.3-rc1. Kernels before 5.3 aren't affected.
Fixed status
mainline: [b3abe42e94900bdd045c472f9c9be620ba5ce553]
stable/5.10: [575a6266f63dbb3b8eb1da03671451f0d81b8034]
stable/5.15: [5c014eb0ed6c8c57f483e94cc6e90f34ce426d91]
stable/5.4: [c66d78aee55dab72c92020ebfbebc464d4f5dd2a]

CVE-2023-28328: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
CVSS v3 score is not provided.
A null pointer dereference bug was found in the dvb-usb driver.
Introduced by commit 76f9a82 ("V4L/DVB: AZ6027: Initial import of the
driver") in 2.6.34-rc1.
Fixed status
mainline: [0ed554fd769a19ea8464bb83e9ac201002ef74ad]
stable/4.14: [c712d1ccbfb787620422b437a5b8fac0802547bd]
stable/4.19: [7abfe467cd685f5da7ecb415441e45e3e4e2baa8]
stable/5.10: [559891d430e3f3a178040c4371ed419edbfa7d65]
stable/5.15: [210fcf64be4db82c0e190e74b5111e4eef661a7a]
stable/5.4: [8b256d23361c51aa4b7fdb71176c1ca50966fb39]
stable/6.1: [6b60cf73a931af34b7a0a3f467a79d9fe0df2d70]

* Updated CVEs

CVE-2023-1076: tap: tap_open(): correctly initialize socket uid
stable 5.10, 5.15, 5.4, 6.1, and 6.2 were fixed.
Fixed status
mainline: [66b2c338adce580dfce2199591e65e2bab889cff,
a096ccca6e503a5c575717ff8a36ace27510ab0a]
stable/5.10: [4a9272a864cbf6dacc3f4b35213108dd01691d31,
9a31af61f397500ccae49d56d809b2217d1e2178]
stable/5.15: [db6efde0ab809d68c0db9284aae8224317367206,
67f9f02928a34aad0a2c11dab5eea269f5ecf427]
stable/5.4: [522d319cda951d5c7464490dfdd341e8b73eb7f8,
d92d87000eda9884d49f1acec1c1fccd63cd9b11]
stable/6.1: [035a80733ec47ed81aa159e16e56d2de106d3335,
b4ada752eaf1341f47bfa3d8ada377eca75a8d44]
stable/6.2: [fce60a29cc0cf888687e2686538a23d1a0db0468,
4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6]

CVE-2023-1077: sched/rt: pick_next_rt_entity(): check list_entry
stable 5.10, 5.15, 5.4, 6.1, and 6.2 were fixed.
Fixed status
mainline: [7c4a5b89a0b5a57a64b601775b296abf77a9fe97]
stable/5.10: [80a1751730b302d8ab63a084b2fa52c820ad0273]
stable/5.15: [2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7]
stable/5.4: [084cd75643b61fb924f70cba98a71dea14942938]
stable/6.1: [6b4fcc4e8a3016e85766c161daf0732fca16c3a3]
stable/6.2: [1099004ae1664703ec573fc4c61ffb24144bcb63]

CVE-2023-1079: Use-After-Free in asus_kbd_backlight_set()
stable 4.14, 4.19, 5.10, 5.15, 5.4, 6.1, and 6.2 were fixed.
Fixed status
mainline: [4ab3a086d10eeec1424f2e8a968827a6336203df]
stable/4.14: [df0fad94ca3787727b9cdd76797aaacf46fe93ed]
stable/4.19: [74b78391a9b6f67de90b13f5a85e329e3b3f5a72]
stable/5.10: [21a2eec4a440060a6eb294dc890eaf553101ba09]
stable/5.15: [3959316f8ceb17866646abc6be4a332655407138]
stable/5.4: [dd08e68d04d08d2f42b09162c939a0b0841216cc]
stable/6.1: [ee907829b36949c452c6f89485cb2a58e97c048e]
stable/6.2: [b08bcfb4c97d7bd41b362cff44b2c537ce9e8540]

CVE-2023-1118: kernel: use-after-free in drivers/media/rc/ene_ir.c due
to race condition
stable 4.14, 4.19, 5.10, 5.15, 5.4, 6.1, and 6.2 were fixed.
Fixed status
mainline: [29b0589a865b6f66d141d79b2dd1373e4e50fe17]
stable/4.14: [0987f836bc1a258cb8fb51669a5afb67bb01c31b]
stable/4.19: [52bde2754d76fc97390f097fba763413607f157a]
stable/5.10: [78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c]
stable/5.15: [29962c478e8b2e6a6154d8d84b8806dbe36f9c28]
stable/5.4: [d120334278b370b6a1623a75ebe53b0c76cb247c]
stable/6.1: [029c1410e345ce579db5c007276340d072aac54a]
stable/6.2: [182ea492aae5b64067277e60a4ea5995c4628555]

CVE-2023-25012: HID: bigben_remove: manually unregister leds
stable 5.10, 5.15, 5.4, 6.1, and 6.2 were fixed.
Fixed status
mainline: [76ca8da989c7d97a7f76c75d475fe95a584439d7]
stable/5.10: [fddde36316da8acb45a3cca2e5fda102f5215877]
stable/5.15: [0fd9998052926ed24cfb30ab1a294cfeda4d0a8f]
stable/5.4: [25e14bf0c894f9003247e3475372f33d9be1e424]
stable/6.1: [f2bf592ebd5077661e00aa11e12e054c4c8f6dd0]
stable/6.2: [90289e71514e9533a9c44d694e2b492be9ed2b77]

CVE-2023-23004: malidp: Fix NULL vs IS_ERR() checking
stable 5.10 and 5.15 were fixed.
Fixed status
mainline: [15342f930ebebcfe36f2415049736a77d7d2e045]
stable/5.10: [a5bbea50d622b8f49ab8ee3b0eb283107febcf1a]
stable/5.15: [1c7988d5c79f72287177bb774cde15fde69f3c97]

CVE-2023-26606: KASAN: use-after-free Read in ntfs_trim_fs
The mainline, 5.15, and 6.1 were fixed.
Fixed status
mainline: [557d19675a470bb0a98beccec38c5dc3735c20fa]
stable/5.15: [ab53749c32db90eeb4495227c998d21dc07ad8c1]
stable/6.1: [f2e58e95273ce072ca95a2afa1f274825a1e1772]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com