From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [kernel-cve-report] New CVE entries this week
Date: Thu, 16 Nov 2023 07:48:21 +0900
Message-ID: <CAODzB9r5dW9fwvNexYe_+VpycEXpfJS7gbH_49V3oRicz2Z=ow@mail.gmail.com>
Hi!
It's this week's CVE report.
This week, 4 new CVEs and 0 updated CVEs were reported.
* New CVEs
CVE-2023-39197: netfilter: conntrack: dccp: copy entire header to
stack buffer, not just basic one
CVSS v3(NIST): N/A
An out-of-bounds access bug was found in the netfilter conntrack
feature. This vulnerability will expose sensitive information via the
DCCP protocol to a remote user.
This bug was introduced by commit 2bc7804 ("[NETFILTER]: nf_conntrack:
add DCCP protocol support") in 2.6.26-rc1.
Fixed status
mainline: [ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30]
stable/5.10: [9bdcda7abaf22f6453e5b5efb7eb4e524095d5d8]
stable/5.15: [c052797ac36813419ad3bfa54cb8615db4b41f15]
stable/5.4: [337fdce450637ea663bc816edc2ba81e5cdad02e]
stable/6.1: [26bd1f210d3783a691052c51d76bb8a8bbd24c67]
CVE-2023-39198: drm/qxl: fix UAF on handle creation
CVSS v3(NIST): N/A
CVSS v3(CNA): 7.5 (HIGH)
A race condition was found in the QXL driver in the Linux kernel. The
qxl_mode_dumb_create() function dereferences the qobj returned by the
qxl_gem_object_create_with_handle(), but the handle is the only one
holding a reference to it. This flaw allows an attacker to guess the
returned handle value and trigger a use-after-free issue, potentially
leading to a denial of service or privilege escalation.
Fixed status
mainline: [c611589b4259ed63b9b77be6872b1ce07ec0ac16]
stable/5.15: [d578c919deb786b4d6ba8c7639255cb658731671]
stable/6.1: [a1fa8f0fc58e0ec972f718030710efc442d7304b]
CVE-2023-6039: net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
CVSS v3(NIST): N/A
CVSS v3(CNA): 5.5 (MEDIUM)
A use-after-free flaw was found in lan78xx_disconnect in
drivers/net/usb/lan78xx.c in the network sub-component,
net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker
to crash the system when the LAN78XX USB device detaches.
Introduced by commit 77dfff5 ("lan78xx: Fix race condition in
disconnect handling") in 5.15-rc1. Kernels prior to 5.15 are not
affected.
Fixed status
mainline: [1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3]
CVE-2023-6111: netfilter: nf_tables: remove catchall element in GC sync path
CVSS v3(NIST): N/A
CVSS v3(CNA): 7.8 (HIGH)
This bug was introduced by commit 4a9e12e ("netfilter: nft_set_pipapo:
call nft_trans_gc_queue_sync() in catchall GC") in 6.6-rc3.
This commit was backported to 5.15, 6.1, and 6.5, so kernels prior to
5.15 are not affected.
Fixed status
mainline: [93995bf4af2c5a99e2a87f0cd5ce547d31eb7630]
* Updated CVEs
No update.
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com