what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 32 of 32 RSS Feed

CVE-2023-3090

Status Candidate

Overview

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Related Files

Ubuntu Security Notice USN-6254-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0458, CVE-2023-1611, CVE-2023-2124, CVE-2023-2162, CVE-2023-2513, CVE-2023-3090, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001
SHA-256 | 0faaa1a4c904d2777eb8f39748a9d767eddb9f41659d19079b8dcbea4f5d81ef
Ubuntu Security Notice USN-6252-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6252-1 - It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1184, CVE-2022-3303, CVE-2023-1611, CVE-2023-1670, CVE-2023-1859, CVE-2023-1990, CVE-2023-2124, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001
SHA-256 | f33849bf32c8784dc2dc942eddd765a6da4ead4a24f6749cde835abee1fdbf59
Ubuntu Security Notice USN-6251-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6251-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-32629, CVE-2023-3390, CVE-2023-35001
SHA-256 | 454e1b5e5d30f6e8a5dc26ecf1b6be0d2fc92760c30103129500f56590135e97
Ubuntu Security Notice USN-6250-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-32629, CVE-2023-3269, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a3c2bee7fb44adf555ec4f0c4513eec063216c00e3541ec88c1729871be7fb50
Ubuntu Security Notice USN-6246-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | 7f9ddb30c299540f775c7e9d346e63ed48d654b7514ccd96b18201204baecce7
Ubuntu Security Notice USN-6231-1
Posted Jul 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6231-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-2124, CVE-2023-3090, CVE-2023-31084, CVE-2023-3141, CVE-2023-3212
SHA-256 | 2e365ffb339dfe2be44bdbad6d687359019a0b108d3006f7adbc0e5c4b3f56ff
Debian Security Advisory 5448-1
Posted Jul 6, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-3090, CVE-2023-31084, CVE-2023-3212, CVE-2023-32250, CVE-2023-32254, CVE-2023-3268, CVE-2023-3269, CVE-2023-3390, CVE-2023-35788
SHA-256 | 69b555bc6896ae45b61015f0f97296207dfc3d9bdcac414ad415646ffe0f0645
Page 2 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close