what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2023-2235

Status Candidate

Overview

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Related Files

Ubuntu Security Notice USN-6385-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-4269, CVE-2023-0458, CVE-2023-1075, CVE-2023-1076, CVE-2023-1206, CVE-2023-1380, CVE-2023-1611, CVE-2023-2002, CVE-2023-20593, CVE-2023-2162, CVE-2023-2163, CVE-2023-2235, CVE-2023-2269
SHA-256 | 397aabee4166381c7e45af794aab5e2f5ce22baf3c0ee09c03c9b743ea1a8b5f
Ubuntu Security Notice USN-6347-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-2124, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466
SHA-256 | 659842a89750627e93b06b2c5f9ccce1e7754119391c220f3384990e97e4add3
Ubuntu Security Notice USN-6332-1
Posted Sep 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-20593, CVE-2023-2124, CVE-2023-21400, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235
SHA-256 | 7895b909f0b7291037f3541c0436bb88a700a07bb8073b7931b1633f08940c35
Ubuntu Security Notice USN-6311-1
Posted Aug 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-2124, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466
SHA-256 | 38951d5b718d49a0351a328ce7f776379eb4fae74bf9110977c3b729f3c0f8ac
Ubuntu Security Notice USN-6300-1
Posted Aug 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-2124, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466
SHA-256 | 829cc8a82ad61e2a0dec9b102d838ba347daf73a403d600e65767e9f8d3821c0
Red Hat Security Advisory 2023-4664-01
Posted Aug 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-45869, CVE-2022-46663, CVE-2023-0458, CVE-2023-1998, CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-22652, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
SHA-256 | e6adec08a41db66a6b16db061aa69314b8013291796ba90e7c9baac7c7edf27c
Red Hat Security Advisory 2023-4517-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235
SHA-256 | 18ca1a2d2bb8e1e5c625c86b54b8da16e838e8069670bd47e1b837b47fd7e8ba
Red Hat Security Advisory 2023-4541-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4541-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235
SHA-256 | afd57de8197f4fa2f3f6f819900ae0f78bac5331e50d8a51481ca5b1e5bb9e15
Red Hat Security Advisory 2023-4138-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-1016, CVE-2022-42703, CVE-2022-42896, CVE-2023-2002, CVE-2023-2124, CVE-2023-2235
SHA-256 | f8b97d4d0a20202fd8472e0501371707eb23f41e2f31643cdfa1422371ae825b
Red Hat Security Advisory 2023-4137-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-1016, CVE-2022-42703, CVE-2022-42896, CVE-2023-2002, CVE-2023-2124, CVE-2023-2235
SHA-256 | 4b65923bf845849e09aa0b1481f33a2752f933324e473281f1bdcfbe890d7927
Ubuntu Security Notice USN-6186-1
Posted Jun 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1380, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-2194, CVE-2023-2235, CVE-2023-2612, CVE-2023-28466, CVE-2023-28866
SHA-256 | 852bc0984d64527371695ee9feac0d312b46b12c591411f7a5be5f0ffb1c93a2
Red Hat Security Advisory 2023-3723-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-28466, CVE-2023-32233
SHA-256 | f8a34f995a7852da92a3cca107e8f6571599a4b822024fff055ccd561d71651d
Red Hat Security Advisory 2023-3708-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235, CVE-2023-28466, CVE-2023-32233
SHA-256 | 80c9f68cc29ea00b3e16e1e525e2fcbc5bac527cd864bd1396b7641c8f97a6a4
Red Hat Security Advisory 2023-3705-01
Posted Jun 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2235, CVE-2023-32233
SHA-256 | d9170a36430152a0d4ba9fe37a5440e6cdc18a63346a7327047c49cb6c7e80ff
Ubuntu Security Notice USN-6175-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1380, CVE-2023-1583, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1859, CVE-2023-1989, CVE-2023-1990, CVE-2023-2194, CVE-2023-2235, CVE-2023-2612, CVE-2023-28466, CVE-2023-28866
SHA-256 | 8d2750e78e3f34d550c35335528e9e223f031e2f6d9e0cec905fe85512526c34
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close