From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: [kernel-cve-report] New CVE entries this week
Date: Thu, 23 Nov 2023 08:21:56 +0900
Message-ID: <CAODzB9rjkHHcdptFxb8Si5rpx=5d2WAiPEpspJdFekhP7WefHQ@mail.gmail.com>
Hi!
It's this week's CVE report.
This week reported 3 new CVEs and 0 updated CVEs.
* New CVEs
CVE-2023-6121: nvmet: nul-terminate the NQNs passed in the connect command
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.3 (MEDIUM)
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP
subsystem in the Linux kernel. This flaw allows a remote attacker to
send a crafted TCP packet, triggering a heap-based buffer overflow
that results in kmalloc data being printed (and potentially leaked) to
the kernel ring buffer (dmesg).
Fixed status
Patch is available at the linux-nvme list but it hasn't been merged yet.
CVE-2023-6176: A NULL pointer dereference bug was found in the net/tls/tls_sw.c
CVSS v3(NIST): N/A
CVSS v3(CNA): 4.4 (MEDIUM)
A null pointer dereference flaw was found in the Linux kernel API for
the cryptographic algorithm scatterwalk functionality. This issue
occurs when a user constructs a malicious packet with specific socket
configuration, which could allow a local user to crash the system or
escalate their privileges on the system.
This bug was introduced by commit 635d939 ("net/tls: free record only
on encryption error") in 5.7-rc7.
The commit 635d939 was backported to 5.4. So 5.4 or greater kernels
are affected by this issue.
Fixed status
mainline: [cfaa80c91f6f99b9342b6557f0f0e1143e434066]
stable/5.10: [a5096cc6e7836711541b7cd2d6da48d36fe420e9]
stable/5.15: [481bd6dcc5fe6c0ec57b61240ab552f67ff51b6b]
stable/5.4: [f9f3ce7719ebb437a883ae0db26723f17190df83]
stable/6.1: [7f4116c6f98412a6e29ace6d6a7b41ebb4e8a392]
stable/6.5: [74aecad5da19004ccf6321fd397d14b10756622a]
CVE-2023-6238: nvme: memory corruption via unprivileged user passthrough
CVSS v3(NIST): N/A
CVSS v3(CNA): 7.0 (HIGH)
A buffer overflow vulnerability was found in the NVM Express (NVMe)
driver in the Linux kernel. An unprivileged user could specify a small
meta buffer and let the device perform larger Direct Memory Access
(DMA) into the same buffer, overwriting unrelated kernel memory,
causing random kernel crashes and memory corruption.
Fixed status
Patch is available but it hasn't been merged yet.
* Updated CVEs
No updates
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@cybertrust.co.jp
:masami.ichikawa@miraclelinux.com
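
The CVE-2023-6121 entry above names its fix in the title: NUL-terminate the NQNs passed in the connect command. The sketch below is an added illustration of that failure mode and the defensive check, not code from the report or from the kernel patch; the struct layout, the 256-byte field width and all helper names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NQN_FIELD_LEN 256 /* assumed fixed width of an NQN field on the wire */

/* Simplified stand-in for the connect payload: two fixed-width name fields
 * copied verbatim from the network, so nothing guarantees a NUL inside them. */
struct connect_data {
    char subsysnqn[NQN_FIELD_LEN];
    char hostnqn[NQN_FIELD_LEN];
};

/* True if the field holds a NUL within its own bounds. */
static bool nqn_is_terminated(const char *field)
{
    return memchr(field, '\0', NQN_FIELD_LEN) != NULL;
}

/* Hardened handling: force termination before any string API touches the
 * field, then report the length that is safe to read. */
static size_t nqn_sanitize(char *field)
{
    field[NQN_FIELD_LEN - 1] = '\0';
    return strlen(field);
}

/* Constructed sample: a peer fills both fields with non-NUL bytes. */
static void fill_unterminated(struct connect_data *d)
{
    memset(d->subsysnqn, 'A', sizeof(d->subsysnqn));
    memset(d->hostnqn, 'B', sizeof(d->hostnqn));
}

int main(void)
{
    struct connect_data d;

    fill_unterminated(&d);
    /* Unsafe at this point: a plain "%s" on d.subsysnqn would keep reading
     * past the field into whatever memory follows it. */
    printf("terminated before: %d\n", nqn_is_terminated(d.subsysnqn));
    printf("safe length after: %zu\n", nqn_sanitize(d.subsysnqn));
    /* Alternative when the buffer must stay untouched: bound the print. */
    printf("bounded print: %.*s\n", 16, d.hostnqn);
    return 0;
}
```

Any logging or lookup path that treats such a field as a C string needs one of the two guards shown: forced termination on receipt, or a length-bounded format.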