Showing 1 - 25 of 32

CVE-2023-3090

Status Candidate

Overview

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Related Files

Kernel Live Patch Security Notice LSN-0098-1
Posted Oct 11, 2023
Authored by Benjamin M. Romer

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2023-21400, CVE-2023-3090, CVE-2023-3567, CVE-2023-3609, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-40283, CVE-2023-4128
SHA-256 | cee33fcedd3c531f91ff1d0a8fe1060cf9d74dad35ef33c6828c5de7d753e527
Red Hat Security Advisory 2023-5548-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5548-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-3090
SHA-256 | ea2407eed69b186bd41d129c0b9330e667b533a063b71abfcfb917fe450d9abd
Red Hat Security Advisory 2023-5244-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 2d37542ffeef6aa7c393c541f56dba5c05c37d66228b869b552effea838c1489
Red Hat Security Advisory 2023-5255-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 258b79c6d38731112095e3861aa827e7da64cfdb743f048033bd446d901f450c
Red Hat Security Advisory 2023-5221-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5221-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 90b863a69ef3aaeeadf4c84256e8105c90c054203054b9c02dcef9c670542b6c
Kernel Live Patch Security Notice LSN-0097-1
Posted Sep 11, 2023
Authored by Benjamin M. Romer

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-32629, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788
SHA-256 | ea3847865d59a38e67f8587f61b9187dd08496a2ad7eb51fab178dfdf50df391
Red Hat Security Advisory 2023-4961-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-2002, CVE-2023-2124, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 6684389df31fc20aede82599f99fafc894611d2c55fac3be32a4e69245e35cdc
Red Hat Security Advisory 2023-4967-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 5e22461312df0e509649b6a701ce80d7ddb1c340b7ff0348a3ad838f96cc31fa
Red Hat Security Advisory 2023-4962-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-2002, CVE-2023-2124, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 53ab97930ec953dffbca45e4e056a2e6296372ccd616bd9dc629e8f5df8fa6e6
Red Hat Security Advisory 2023-4828-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4828-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-3090
SHA-256 | f9180b54333bfacb5bc7fb29b0a942965ea4bb74ff00da3b297826bbe6590d69
Red Hat Security Advisory 2023-4829-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4829-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-3090, CVE-2023-35788
SHA-256 | d7b8a5fc0f52c760510c5f2bcdddbc437421aca0d17e34c611a4424300b7deaf
Red Hat Security Advisory 2023-4817-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4817-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2124, CVE-2023-3090, CVE-2023-35788
SHA-256 | b4b5d1adc7f4e537181043ae9cba0af938502028acf15f80703bd65c2177dc12
Red Hat Security Advisory 2023-4815-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2124, CVE-2023-3090, CVE-2023-35788
SHA-256 | 22150159ee09a20a4997845b7ab0a4d00dac6b3acdf37cb421ad3f6f44c0c336
Red Hat Security Advisory 2023-4814-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4814-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-1353, CVE-2022-39188, CVE-2023-0458, CVE-2023-28466, CVE-2023-3090
SHA-256 | 8c5ac94c6537d23ca9834883b4b960ad9b55d066cc97d33f79eed6c4cff6d24b
Red Hat Security Advisory 2023-4801-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2022-1353, CVE-2022-39188, CVE-2023-0458, CVE-2023-28466, CVE-2023-3090
SHA-256 | 69dee2dbee577aa7aa5d1ce9e6212537a5783f26169f7850358b75c721ad04ab
Debian Security Advisory 5480-1
Posted Aug 21, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-39189, CVE-2022-4269, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-20588, CVE-2023-2124, CVE-2023-21255, CVE-2023-21400, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-31084
SHA-256 | 41dc7825fce5df5966134dc369b0fdabc89599073025de78f75ae2cf98e6b9a8
Red Hat Security Advisory 2023-4456-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.

tags | advisory, add administrator
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-45869, CVE-2023-0458, CVE-2023-1998, CVE-2023-22652, CVE-2023-28321, CVE-2023-28322, CVE-2023-28484, CVE-2023-29469, CVE-2023-3089, CVE-2023-3090, CVE-2023-32681, CVE-2023-35788, CVE-2023-38408
SHA-256 | b0a498344d09cd12609bee557f305594f2cff6126e3cae1cdc620fc9159bf3ec
Red Hat Security Advisory 2023-4516-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4516-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-3090, CVE-2023-35788
SHA-256 | 03d87786d6e2c0629ae082adb3422c024d663a57ea078d1ab058a9e4b2ee5761
Red Hat Security Advisory 2023-4515-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4515-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-2124, CVE-2023-3090, CVE-2023-35788
SHA-256 | fb4b957aa7d6c07f0ae0edcd5bdf1b80d2a1f449f0cac11542baf1e29bcf298f
Red Hat Security Advisory 2023-4380-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-3090, CVE-2023-35788
SHA-256 | 76bfd0b219a147940968b013bcf9113ef82e3d224d1f4bfe49d0f729cfd55716
Red Hat Security Advisory 2023-4378-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4378-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-45869, CVE-2023-0458, CVE-2023-1998, CVE-2023-3090, CVE-2023-35788
SHA-256 | 511ec66ad263f75e030de1cbda1509e172580911b01a2b63f2b3736fac3387e2
Red Hat Security Advisory 2023-4377-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4377-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-45869, CVE-2023-0458, CVE-2023-1998, CVE-2023-3090, CVE-2023-35788
SHA-256 | 981ee03460bd476e4e848f2ec945b4f7f01dc4a931edef8abf648725a187cc49
Ubuntu Security Notice USN-6261-1
Posted Jul 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001
SHA-256 | 61fedc9fdbbcf1386a4c050696f6c23c47c6b3b07660a05455f081ba31d4a991
Ubuntu Security Notice USN-6260-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48502, CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-3141, CVE-2023-32629, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a4384a0d58c965d16d9a12fe71bc79afb9b36f12a4660d6419a9dae8338f976a
Ubuntu Security Notice USN-6255-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | b92e45b5821cbc38a01a9f4fad300b0ca630b46f0b15c730d3315c01259ea4d7
Page 1 of 2