From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week
Date: Thu, 3 Aug 2023 08:38:25 +0900
Message-ID: <CAODzB9ppRV992Erf4QnGh9poKGSxyUNgxGdEPMn+cA4taDNsQg@mail.gmail.com>

Hi!

It's this week's CVE report.

This week, 3 new CVEs and 10 updated CVEs were reported.

* New CVEs

CVE-2023-3812: An out-of-bounds memory access flaw was found in the
TUN/TAP device driver

CVSS v3 score is not provided (NIST).
CVSS v3 score is 7.8 HIGH.

An out-of-bounds memory access flaw was found in the Linux kernel’s
TUN/TAP device driver functionality in how a user generates a
malicious (too big) networking packet when napi frags is enabled. This
flaw allows a local user to crash or potentially escalate their
privileges on the system.

This issue was introduced by commit 90e33d4 ("tun: enable
napi_gro_frags() for TUN/TAP driver") in 4.15-rc1.
This patch is not backported to 4.14 and 4.4.

Fixed status
mainline: [363a5328f4b0517e59572118ccfb7c626d81dca9]
stable/4.19: [aa815bf32acf560dad63c3dc46bc7b98ca9a9672]
stable/5.10: [3583826b443a63681deaa855048d3f2b742af47e]
stable/5.15: [dcc79cf735b8ec4bedaa82c53bed8c62721c042b]
stable/5.4: [ca791952d42c5b40d548ff6c4a879216039b0ca1]

CVE-2023-4004: A use-after-free flaw was found in the netfilter subsystem

CVSS v3 score is not provided (NIST).
CVSS v3 score is 7.8 HIGH (CNA).

A use-after-free flaw was found in the Linux kernel's netfilter in the
way a user triggers the nft_pipapo_remove function with the element,
without an NFT_SET_EXT_KEY_END. This issue could allow a local user to
crash the system or potentially escalate their privileges on the
system.

Introduced by commit 3c4287f ("nf_tables: Add set type for arbitrary
concatenation of ranges") in 5.6-rc1.
This patch is not backported to older stable kernels.

Fixed status
mainline: [87b5a5c209405cb6b57424cdfa226a6dbd349232]
stable/5.10: [3a91099ecd59a42d1632fcb152bf7222f268ea2b]
stable/5.15: [706ce3c81b5c8e262a8bcf116ea689d0710c3a13]
stable/6.1: [90c3955beb858bb52a9e5c4380ed0e520e3730d1]
stable/6.4: [48dbb5d24c667bf26bc2fea8caa7fe51fcc6aa62]

CVE-2023-4010: A bug found in the usb_giveback_urb function causes DoS.

CVSS v3 score is not provided (NIST).
CVSS v3 score is 4.6 MEDIUM.

A flaw was found in the USB Host Controller Driver framework in the
Linux kernel. The usb_giveback_urb function has a logic loophole in
its implementation. Due to the inappropriate judgment condition of the
goto statement, the function cannot return under the input of a
specific malformed descriptor file, so it falls into an endless loop,
resulting in a denial of service.

A reporter described this bug on GitHub
(https://github.com/wanrenmi/a-usb-kernel-bug), saying the
vulnerability is in usb_giveback_urb(). But that function is not
found in any kernel version. There is a usb_giveback_urb_bh() in
drivers/usb/core/hcd.c instead.

Fixed status
Not fixed yet.

* Updated CVEs

CVE-2023-2898: f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

Stable 5.10 was fixed.

Fixed status
mainline: [d8189834d4348ae608083e1f1f53792cfcc2a9bc]
stable/5.10: [b39ef5b52f10b819bd0ceeb22e8f7df7800880ca]
stable/5.15: [982c29e0d27a48d65fd0fa0d1bcee501eeb06e76]
stable/6.1: [ebe83e9bb8a6b3db28603fe938ee80ccaa01ed53]
stable/6.4: [5619e9aabbd2b369cde2114ad6f55f6eb3e0b5be]

CVE-2023-3117: A use-after-free flaw was found in the Netfilter subsystem

Stable 5.10 was fixed.

Fixed status
mainline: [1240eb93f0616b21c675416516ff3d74798fdc97]
stable/5.10: [8180fc2fadd48dde4966f2db2c716c2ce7510d0b]
stable/5.15: [44ebe988cb38e720b91826f4d7c31692061ca04a]
stable/6.1: [4aaa3b730d16c13cc3feaa127bfca1af201d969d]

CVE-2023-31248: nf_tables UAF when using nft_chain_lookup_byid

Stable 5.10 was fixed.

Fixed status
mainline: [515ad530795c118f012539ed76d02bacfd426d89]
stable/5.10: [4ae2e501331aaa506eaf760339bb2f43e5769395]
stable/5.15: [041e2ac88caef286b39064e83e825e3f53113d36]
stable/6.1: [fc95c8b02c6160936f1f3d8d9d7f4f66f3c84b49]
stable/6.4: [5e5e967e8505fbdabfb6497367ec1b808cadc356]

CVE-2023-3212: gfs2: Don't deref jdesc in evict

Stable 5.10 was fixed.

Fixed status
mainline: [504a10d9e46bc37b23d0a1ae2f28973c8516e636]
stable/5.10: [d03d31d3a206093b9b8759dddf0ba9bd843606ba]
stable/5.15: [fd8b4e28f400a067e6ef84569816967be1f0642b]
stable/5.4: [23f98fe887ce3e7c8bd111f37e62735c5018c534]
stable/6.1: [5ae4a618a1558d2b536fdd5d42e53d3e2d73870c]
stable/6.3: [14c454764a37b194dc916c07488ce7339c82bc4f]

CVE-2023-3390: netfilter: nf_tables: incorrect error path handling
with NFT_MSG_NEWRULE

Stable 5.10 was fixed.

Fixed status
mainline: [1240eb93f0616b21c675416516ff3d74798fdc97]
stable/5.10: [8180fc2fadd48dde4966f2db2c716c2ce7510d0b]
stable/5.15: [44ebe988cb38e720b91826f4d7c31692061ca04a]
stable/6.1: [4aaa3b730d16c13cc3feaa127bfca1af201d969d]
stable/6.3: [bdace3b1a51887211d3e49417a18fdbd315a313b]

CVE-2023-35001: nf_tables nft_byteorder_eval OOB read/write

Stable 5.4 and 5.10 were fixed.

Fixed status
stable/5.10: [ea213922249c7e448d217a0a0441c6f86a8155fd]
stable/5.15: [870dcc31c0cf47cb15a568ade4168dc644b3ccfb]
stable/5.4: [b7d636c924eb275651bfb036eb8eca49c3f7bc24]
stable/6.1: [40f83dd66a823400d8592e3b71e190e3ad978eb5]
stable/6.4: [b79c09c2bf2d7643902a6ef26152de602c5c5e4b]

CVE-2023-3610: netfilter: nf_tables: fix chain binding transaction logic

Stable 5.10 was fixed.

Fixed status
mainline: [4bedf9eee016286c835e3d8fa981ddece5338795]
stable/5.10: [d53c295c1f43b7460d28ba0f0f98a602084fdcb6]
stable/5.15: [314a8697d08092df6d00521450d44c352c602943]
stable/6.1: [891cd2edddc76c58e842706ad27e2ff96000bd5d]

CVE-2023-3611: net/sched: sch_qfq: account for stab overhead in qfq_enqueue

Stable 5.10 was fixed.

Fixed status
mainline: [3e337087c3b5805fe0b8a46ba622a962880b5d64]
stable/5.10: [8359ee85fd6dabc5c134ed69fb22faadd8a44071]
stable/5.15: [91d3554ab1fc2804c36a815c0f79502d727a41e6]
stable/6.1: [70feebdbfad85772ab3ef152812729cab5c6c426]
stable/6.4: [bd2333fa86dc520823e8c317980b29ba91ee6b87]

CVE-2023-3776: net/sched: cls_fw: Fix improper refcount update leads
to use-after-free

Stable 5.4 and 5.10 were fixed.

Fixed status
mainline: [0323bce598eea038714f941ce2b22541c46d488f]
stable/5.10: [80e0e8d5f54397c5048fa2274144134dd9dc91b5]
stable/5.15: [5b55f2d6ef403fcda93ae4eb4d8c1ba164c66e92]
stable/5.4: [808211a8d427404331e39e3b8c94ab5242eef8f5]
stable/6.1: [c91fb29bb07ee4dd40aabd1e41f19c0f92ac3199]
stable/6.4: [0a2e3f49febda459252f58cec2d659623d582800]

CVE-2023-3863: net: nfc: Fix use-after-free caused by nfc_llcp_find_local

Stable 5.4 and 5.10 were fixed.

Fixed status
mainline: [6709d4b7bc2e079241fdef15d1160581c5261c10]
stable/5.10: [96f2c6f272ec04083d828de46285a7d7b17d1aad]
stable/5.15: [fc8429f8d86801f092fbfbd257c3af821ac0dcd3]
stable/5.4: [dd6ff3f3862709ab1a12566e73b9d6a9b8f6e548]
stable/6.1: [425d9d3a92df7d96b3cfb7ee5c240293a21cbde3]
stable/6.4: [e5207c1d69b1a9707615ab6ff9376e59fc096815]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email: masami.ichikawa@cybertrust.co.jp
       masami.ichikawa@miraclelinux.com
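The "Fixed status" blocks in this report follow a regular layout: a CVE header line, then one "branch: [commit]" line per branch that carries the fix, or "Not fixed yet." As an added example (not part of the report and not CIP tooling), the following Python parser turns that layout into a per-CVE map of branch to fix commit, so a maintainer can list which reported CVEs still lack a recorded fix on a given stable branch. The sample text is an excerpt of the entries above with the report's own hashes; the names parse_report, fix_commit and missing_fixes are chosen here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the report above in its own format.
SAMPLE_REPORT = """\
CVE-2023-3812: An out-of-bounds memory access flaw was found in the
TUN/TAP device driver

Fixed status
mainline: [363a5328f4b0517e59572118ccfb7c626d81dca9]
stable/4.19: [aa815bf32acf560dad63c3dc46bc7b98ca9a9672]
stable/5.10: [3583826b443a63681deaa855048d3f2b742af47e]
stable/5.15: [dcc79cf735b8ec4bedaa82c53bed8c62721c042b]
stable/5.4: [ca791952d42c5b40d548ff6c4a879216039b0ca1]

CVE-2023-4004 :A use-after-free flaw was found in the netfilter subsystem

Fixed status
mainline: [87b5a5c209405cb6b57424cdfa226a6dbd349232]
stable/5.10: [3a91099ecd59a42d1632fcb152bf7222f268ea2b]

CVE-2023-4010: A bug was found in the usb_giveback_urb function causes DoS.

Fixed status
Not fixed yet.
"""

# "CVE-YYYY-NNNN: title" (the report sometimes puts the space before the colon)
CVE_HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})\s*:\s*(.*)$")
# "mainline: [<sha>]" or "stable/5.10: [<sha>]"
FIX_LINE = re.compile(r"^(mainline|stable/\d+\.\d+)\s*:\s*\[([0-9a-f]{7,40})\]\s*$")


@dataclass
class CveEntry:
    cve: str
    title: str                       # first line of the title only
    fixes: dict = field(default_factory=dict)   # branch -> commit hash


def parse_report(text: str) -> list:
    """Parse the weekly report into CveEntry objects (hypothetical helper)."""
    entries = []
    current = None
    in_fixed = False
    for raw in text.splitlines():
        line = raw.strip()
        header = CVE_HEADER.match(line)
        if header:
            current = CveEntry(cve=header.group(1), title=header.group(2))
            entries.append(current)
            in_fixed = False
            continue
        if current is None:
            continue
        if line == "Fixed status":
            in_fixed = True
            continue
        if in_fixed:
            if not line:                 # blank line closes the block
                in_fixed = False
                continue
            fix = FIX_LINE.match(line)
            if fix:
                current.fixes[fix.group(1)] = fix.group(2)
            # Prose such as "Not fixed yet." simply leaves fixes empty.
    return entries


def fix_commit(entries: list, cve: str, branch: str):
    """Return the fix commit for cve on branch, or None if none is recorded."""
    for entry in entries:
        if entry.cve == cve:
            return entry.fixes.get(branch)
    return None


def missing_fixes(entries: list, branch: str) -> list:
    """CVE ids in the report with no recorded fix on the given branch."""
    return [entry.cve for entry in entries if branch not in entry.fixes]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for branch in ("stable/4.19", "stable/5.10"):
        print(branch, "without a recorded fix:", missing_fixes(parsed, branch))
```

The output is a review worklist, not a verdict: the parser cannot tell "not affected" from "not yet fixed". CVE-2023-4004, for instance, shows up as missing on stable/4.19 only because the bug was introduced in 5.6-rc1 and that branch never needed a backport, which is information the report carries in prose rather than in the "Fixed status" block.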

