From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week
Date: Thu, 13 Jul 2023 08:24:54 +0900
Message-ID: <CAODzB9romU4fGXwGP_+kx+ujExDLqZnxrjYqkETeygrwKf55Qw@mail.gmail.com>

Hi !

It's this week's CVE report.

Six new CVEs and no updated CVEs were reported this week.

A new exploitation technique called Dirty Pagetable has been published
(https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html).
It is interesting to read. This technique can bypass major mitigation
methods like KASLR, SMAP, and so on. It abuses heap-based
vulnerabilities to manipulate user page tables.

* New CVEs

CVE-2023-21255: binder: fix UAF caused by faulty buffer cleanup

CVSS v3 score is not provided.

A use-after-free bug was found in binder_transaction_buffer_release().
When a transaction buffer is released without
any objects having been processed, it leads to a use-after-free bug.
This bug was introduced by commit 32e9f56 ("binder: don't detect
sender/target during buffer cleanup") in 5.16-rc1.
This commit fixes 44d8047 ("binder: use standard functions to allocate
fds") in 4.20-rc1. So, commit 32e9f56 isn't backported to 4.x kernels.

Fixed status
mainline: [bdc1c5fac982845a58d28690cdb56db8c88a530d]
stable/5.10: [2218752325a98861dfb10f59a9b0270d6d4abe21]
stable/5.15: [5fd7c1e36b0a500d5fce820ee63c2a5b47b36e85]
stable/5.4: [6c88024cab83c820604db5f6a998ef3ae5682f1c]
stable/6.1: [e1e198eff1fbaf56fd8022c4fbbf59c5324ea320]
stable/6.3: [c9e6aae1f26758f3e87b93cff18d79dfd80f2f25]

CVE-2023-32248: Linux Kernel ksmbd Tree Connection NULL Pointer
Dereference Denial-of-Service Vulnerability

CVSS v3 score is not provided.

This vulnerability allows remote attackers to create a
denial-of-service condition on affected installations of Linux Kernel.
Authentication is not required to exploit this vulnerability, but only
systems with ksmbd enabled are vulnerable.

The specific flaw exists within the handling of SMB2_TREE_CONNECT and
SMB2_QUERY_INFO commands. The issue results from the lack of proper
validation of a pointer prior to accessing it. An attacker can
leverage this vulnerability to create a denial-of-service condition on
the system.

The ksmbd subsystem was introduced in 5.15, so earlier versions are
not affected.

Fixed status
mainline: [3ac00a2ab69b34189942afa9e862d5170cdcb018]
stable/5.15: [227eb2689b44d0d60da3839b146983e73435924c]
stable/6.1: [a70751dd7b60eab025e97e19b6b2477c6eaf2bbb]
stable/6.3: [1636e09779f83e10e6ed57d91ef94abcefdd206b]

CVE-2023-37453: out-of-bounds in read_descriptors in drivers/usb/core/sysfs

CVSS v3 score is 4.4 MEDIUM.

An issue was discovered in the USB subsystem in the Linux kernel
through 6.4.2. There is an out-of-bounds and crash in read_descriptors
in drivers/usb/core/sysfs.c.

Fixed status
Not fixed yet.

CVE-2023-37454: use-after-free in udf_put_super and udf_close_lvid
functions in fs/udf/super.c

CVSS v3 score is 5.5 MEDIUM.

An issue was discovered in the Linux kernel through 6.4.2. A crafted
UDF filesystem image causes a use-after-free write operation in the
udf_put_super and udf_close_lvid functions in fs/udf/super.c.

Fixed status
Not fixed yet.

CVE-2023-3567: use-after-free in vcs_read in drivers/tty/vt/vc_screen.c

CVSS v3 score is not provided.

A use-after-free bug was found in vcs_size() in drivers/tty/vt/vc_screen.c.
It was introduced by commit ac751ef ("console: rename
acquire/release_console_sem() to console_lock/unlock()") in
2.6.38-rc3.

Fixed status
mainline: [226fae124b2dac217ea5436060d623ff3385bc34]
stable/4.19: [6332f52f44b9776568bf3c0b714ddfb0bb175e78]
stable/5.10: [55515d7d8743b71b80bfe68e89eb9d92630626ab]
stable/5.15: [fc9e27f3ba083534b8bbf72ab0f5c810ffdc7d18]
stable/5.4: [d0332cbf53dad06a22189cc341391237f4ea6d9f]
stable/6.1: [8506f16aae9daf354e3732bcfd447e2a97f023df]

CVE-2023-3108: crypto: fix af_alg_make_sg() conversion to iov_iter

CVSS v3 score is not provided (NIST).
CVSS v3 score is 6.2 MEDIUM (CNA).

A flaw was found in the subsequent get_user_pages_fast in the Linux
kernel’s interface for symmetric key cipher algorithms in the
skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows
a local user to crash the system.

This bug was introduced by commit 1d10eb2 ("crypto: switch
af_alg_make_sg() to iov_iter") in 4.0-rc1 and fixed by commit 9399f0c
("crypto: fix af_alg_make_sg() conversion to iov_iter") in 4.0-rc1.
So, this bug was introduced and fixed during the 4.0-rc1 development
cycle. Therefore, no released kernels are affected.

Fixed status
mainline: [9399f0c51489ae8c16d6559b82a452fdc1895e91]

* Updated CVEs

No updated CVEs.

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
      :masami.ichikawa@miraclelinux.com
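One practical use of the "Fixed status" lists in this report is to confirm that a CIP or product kernel tree actually contains the listed backports. The script below is an added example, not part of this report or of the CIP project's tooling: it parses the report's CVE headings and "Fixed status" lines (the excerpt embedded in REPORT is constructed from the entries above, with the prose trimmed) and emits one `git merge-base --is-ancestor` check per CVE for a chosen branch. The per-branch hashes matter: a backport gets a new commit id on each stable branch, so the mainline hash cannot be used to check a stable tree. A CVE with no commit listed for a branch is either unfixed there or not affected (CVE-2023-3108 is listed only for mainline because no released kernel was affected); that distinction lives in the prose, not in the hashes, so the script reports such CVEs separately rather than guessing. The function and variable names are the example's own.

```python
"""Turn the weekly CVE report's "Fixed status" blocks into git checks.

Added example for the report above; not CIP tooling.  Runs offline on the
embedded excerpt; commit_present() needs git and a real kernel tree.
"""
import re
import subprocess
import sys
from typing import Dict, List, Optional

# Constructed excerpt of the report: CVE ids, branch names and hashes are
# copied from the mail, the descriptive prose is left out.
REPORT = """\
CVE-2023-21255: binder: fix UAF caused by faulty buffer cleanup

Fixed status
mainline: [bdc1c5fac982845a58d28690cdb56db8c88a530d]
stable/5.10: [2218752325a98861dfb10f59a9b0270d6d4abe21]
stable/5.4: [6c88024cab83c820604db5f6a998ef3ae5682f1c]

CVE-2023-37453: out-of-bounds in read_descriptors in drivers/usb/core/sysfs

Fixed status
Not fixed yet.

CVE-2023-3108: crypto: fix af_alg_make_sg() conversion to iov_iter

Fixed status
mainline: [9399f0c51489ae8c16d6559b82a452fdc1895e91]
"""

# A CVE heading starts a new entry; a fix line is "<branch>: [<40 hex>]".
CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,}):")
FIX_RE = re.compile(r"^(mainline|stable/[\d.]+):\s*\[([0-9a-f]{40})\]$")

Fixes = Dict[str, Dict[str, str]]


def parse_report(text: str) -> Fixes:
    """Map each CVE id to {branch: fix commit}; an unfixed CVE maps to {}."""
    fixes: Fixes = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_RE.match(line)
        if m:
            current = m.group(1)
            fixes[current] = {}
            continue
        m = FIX_RE.match(line)
        if m and current is not None:
            fixes[current][m.group(1)] = m.group(2)
    return fixes


def commits_for_branch(fixes: Fixes, branch: str) -> Dict[str, Optional[str]]:
    """Fix commit per CVE on one branch; None means no commit is listed."""
    return {cve: per_branch.get(branch) for cve, per_branch in fixes.items()}


def check_commands(fixes: Fixes, branch: str) -> List[str]:
    """git commands to run inside a checkout of `branch` to confirm each fix.

    merge-base --is-ancestor exits 0 when the commit is reachable from HEAD.
    """
    return [
        f"git merge-base --is-ancestor {sha} HEAD  # {cve}"
        for cve, sha in commits_for_branch(fixes, branch).items()
        if sha is not None
    ]


def unresolved(fixes: Fixes, branch: str) -> List[str]:
    """CVEs with no commit for `branch`: unfixed there or not affected.

    The report's prose, not the hash table, says which one applies.
    """
    return sorted(
        cve for cve, sha in commits_for_branch(fixes, branch).items() if sha is None
    )


def commit_present(repo: str, sha: str) -> bool:
    """True if `sha` is an ancestor of HEAD in the git tree at `repo`."""
    result = subprocess.run(
        ["git", "-C", repo, "merge-base", "--is-ancestor", sha, "HEAD"],
        capture_output=True,
    )
    return result.returncode == 0


if __name__ == "__main__":
    branch = sys.argv[1] if len(sys.argv) > 1 else "stable/5.10"
    parsed = parse_report(REPORT)
    for cmd in check_commands(parsed, branch):
        print(cmd)
    for cve in unresolved(parsed, branch):
        print(f"# {cve}: no fix commit listed for {branch}; read the report text")
```

Run it as `python3 report_check.py stable/5.4` to print the checks for that branch, or call `commit_present("/path/to/linux-5.4.y", sha)` from the parsed table to run them directly. The check only answers "is this exact backport commit in my history"; a vendor tree that carries the fix under a different hash needs a look at the commit's Fixes: tag or subject instead.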

