
CVE-2023-0386

Status Candidate

Overview

A flaw was found in the Linux kernel's OverlayFS subsystem: when a user copies a capable file from a nosuid mount into another mount, unauthorized access to the execution of the setuid file with capabilities is possible. This uid mapping bug allows a local user to escalate their privileges on the system.

Related Files

Kernel Live Patch Security Notice LSN-0095-1
Posted Jun 22, 2023
Authored by Benjamin M. Romer

It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2023-0386, CVE-2023-1380, CVE-2023-1872, CVE-2023-2612, CVE-2023-31436, CVE-2023-32233
SHA-256 | 9af3c677c764aab7902d47c2a505555b84fde68a690ae6e7624c01659fe90f86
Ubuntu Security Notice USN-6134-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-3707, CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386, CVE-2023-0394, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118
SHA-256 | f29d43641cf6602854ca5f12c8ec924f3cc0c924589ae311e0273f588159f703
Debian Security Advisory 5402-1
Posted May 15, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-0386, CVE-2023-31436, CVE-2023-32233
SHA-256 | ca0a9fd5ac26d144a3b3fe22c96089ab67f84776e3fc15dfb5ebef70147e7218
Ubuntu Security Notice USN-6072-1
Posted May 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6072-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0386, CVE-2023-0468, CVE-2023-1829, CVE-2023-1859, CVE-2023-23455, CVE-2023-26545
SHA-256 | 464784fc1b864509cd7743efd768c18ef1040022ac031c3c8fa8e70d3c797def
Ubuntu Security Notice USN-6071-1
Posted May 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2590, CVE-2022-3303, CVE-2022-3586, CVE-2022-40307, CVE-2022-4095, CVE-2022-4662, CVE-2023-0386, CVE-2023-0468, CVE-2023-1829, CVE-2023-1859, CVE-2023-23455, CVE-2023-26545
SHA-256 | a8d674de4142afe5b10e10c26e6abb74259bba061201962b8a068983374d9c79
Ubuntu Security Notice USN-6057-1
Posted May 5, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6057-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1281, CVE-2023-1652, CVE-2023-26545
SHA-256 | 040f1d117d95311a74a29ff7b24fcda0c036e35e0b140bebc5c6fe078bee84e0
Ubuntu Security Notice USN-6043-1
Posted Apr 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0386, CVE-2023-1829
SHA-256 | ec0a1a5229c94426fcf24b22b769c5c1af54a44019b5d5ea9430e2216b19db8f
Red Hat Security Advisory 2023-1953-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-4269, CVE-2022-4378, CVE-2023-0266, CVE-2023-0361, CVE-2023-0386, CVE-2023-27539, CVE-2023-28120
SHA-256 | 1ff111b4a85069401a7dff1ebf454e3f070b0c09625b392292621a537d201e03
Ubuntu Security Notice USN-6040-1
Posted Apr 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1281, CVE-2023-1652, CVE-2023-26545
SHA-256 | 26dff9542ab0bc55ce32713143c92728543d90f446c699eee6688caf98c1678e
Red Hat Security Advisory 2023-1980-01
Posted Apr 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1980-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | 8bce09f6ecc0a910a5d4de0c2838fdb9cf51c3098193e65653446442ca9771f1
Red Hat Security Advisory 2023-1984-01
Posted Apr 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1984-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | 6b73ab0c136ac4a6f25418ecd1c2e5ac39cb19b0da9a518844bd5725d46a0676
Red Hat Security Advisory 2023-1970-01
Posted Apr 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1970-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | 0391b518960672cef5c83b0dbbb1c08a3aec8123e9b9f294d2bf0c97ce42b086
Ubuntu Security Notice USN-6025-1
Posted Apr 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6025-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386, CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1281, CVE-2023-1652, CVE-2023-26545
SHA-256 | 8c6281ddbf56e092c3440753f9d56a5e0dadfd6af2c500c94bc852f14299edf8
Red Hat Security Advisory 2023-1677-01
Posted Apr 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. Issues addressed include heap overflow and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-23521, CVE-2022-41903, CVE-2023-0266, CVE-2023-0386, CVE-2023-0767
SHA-256 | d50fcde157b0d81293003398a54404e2ecee374586626ce00fc2dbcc0d6bdaa5
Red Hat Security Advisory 2023-1703-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1703-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | 03a9f7d0a470c4a3a3e5ff2582b47989635975c93c4803d4ad495a25a443adac
Red Hat Security Advisory 2023-1691-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1691-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | eccaa6934a64207a23dd6b1cf3fa71535c99920b8ea85a4c853863d77d0ecf12
Red Hat Security Advisory 2023-1681-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1681-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0386
SHA-256 | ed29f867346e7388a07eaead82debbae66d899bc23a11235339b3af2d5749d55
Red Hat Security Advisory 2023-1660-01
Posted Apr 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0266, CVE-2023-0386
SHA-256 | 0008187676020d7b4f5c691ffa9ebcbd517148f4234832a10da585e28d1bcbed
Red Hat Security Advisory 2023-1659-01
Posted Apr 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-4378, CVE-2023-0266, CVE-2023-0386, CVE-2023-1476
SHA-256 | c5c6f461f203851521b544484a8be410baea0da90ffc920177ecf0c96db4329e
Red Hat Security Advisory 2023-1566-01
Posted Apr 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1566-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-4269, CVE-2022-4378, CVE-2023-0266, CVE-2023-0386
SHA-256 | 39aea6c477ec6bfecb8b831b361a2d70ddc67cacde4c39fa97b5bac77f700cc6
Red Hat Security Advisory 2023-1584-01
Posted Apr 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-4269, CVE-2022-4378, CVE-2023-0266, CVE-2023-0386
SHA-256 | 1dae79d00c1eb310c6a5308f585ee188f1aa0b3d59a9e7b1718f771f653bca6f
Red Hat Security Advisory 2023-1554-01
Posted Apr 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1554-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-0266, CVE-2023-0386
SHA-256 | 7ad37e08e8ab09d46be7e330075101c6e6dad611e42874f7a1ca463819b82343