what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

CVE-2023-34319

Status Candidate

Overview

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.

Related Files

Gentoo Linux Security Advisory 202409-10
Posted Sep 23, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2022-42336, CVE-2022-4949, CVE-2023-28746, CVE-2023-34319, CVE-2023-34320, CVE-2023-34321, CVE-2023-34322, CVE-2023-34323, CVE-2023-34324, CVE-2023-34325, CVE-2023-34327, CVE-2023-34328, CVE-2023-46835, CVE-2023-46836
SHA-256 | 8b158b4b14fabb37b107389483696ee806809c7a28b87657efca564110fdb8a3
Kernel Live Patch Security Notice LSN-0099-1
Posted Nov 29, 2023
Authored by Benjamin M. Romer

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were discovered and addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2022-3643, CVE-2023-31436, CVE-2023-34319, CVE-2023-3567, CVE-2023-3609, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-40283, CVE-2023-42752, CVE-2023-42753, CVE-2023-4622, CVE-2023-4623
SHA-256 | ee52836c711111ecd52b6c4162409caa5a393b4ec4571f1e5de8d4ace83228b9
Ubuntu Security Notice USN-6466-1
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2022-45886, CVE-2022-45887, CVE-2022-48425, CVE-2023-1206, CVE-2023-20569, CVE-2023-20588, CVE-2023-21264, CVE-2023-2156, CVE-2023-31083, CVE-2023-3212, CVE-2023-34319, CVE-2023-3772, CVE-2023-38427, CVE-2023-38430
SHA-256 | d231e9eb22491a28681d89631f3af4b06d452c694529f3f61e5a1f1f2333a3c8
Ubuntu Security Notice USN-6441-3
Posted Oct 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6441-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | cd013211e7487024671fcf7d94d72ba9336b3ec594db53047c4a61d17a3ea40b
Ubuntu Security Notice USN-6446-3
Posted Oct 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6446-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4244, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197
SHA-256 | 484ebd5fb48372ba1a85bd65fdc24bc439655586fb452d16cfa2fba3c7f9088e
Ubuntu Security Notice USN-6445-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-20569, CVE-2023-2156, CVE-2023-3338, CVE-2023-34319, CVE-2023-38432, CVE-2023-3863, CVE-2023-3865, CVE-2023-3866, CVE-2023-4132, CVE-2023-4155, CVE-2023-4194, CVE-2023-4244, CVE-2023-4273
SHA-256 | 7161886f27ce432ad514954dd1b3c798e3d98a8a29d07d4592bcf71aae1d37df
Ubuntu Security Notice USN-6446-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6446-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4244, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197
SHA-256 | f0dc5ad0a790213ff19892b967ead2603483e643e8cae2857c45b952dc3896fe
Ubuntu Security Notice USN-6444-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6444-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4244, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197
SHA-256 | e1d72b79310f991fbf9447b368e82c18985bd69f9a6a49de7ca3fae3cd49f9c6
Ubuntu Security Notice USN-6441-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6441-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 44a8d74486573b90a3938d4de86fd5260a49f42a9d0fa43f3e35fdf5e38e0ffe
Ubuntu Security Notice USN-6439-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 2fd25e40051d1ba2bbf46094a9e3c568101d4401e9c1c5f7d1348688c66cd0a2
Ubuntu Security Notice USN-6440-2
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 53dde989c721b58c0ab2a8afed3fd49eb8bd3b0589646a03c93ff63b342aa7dd
Ubuntu Security Notice USN-6445-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6445-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-20569, CVE-2023-2156, CVE-2023-3338, CVE-2023-34319, CVE-2023-38432, CVE-2023-3863, CVE-2023-3865, CVE-2023-3866, CVE-2023-4132, CVE-2023-4155, CVE-2023-4194, CVE-2023-4244, CVE-2023-4273
SHA-256 | e6b24dd74615cc6c00bd4c9686d9c6103de24a03be2c7b72a6caee0cd088dc72
Ubuntu Security Notice USN-6446-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6446-1 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4244, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197
SHA-256 | 983eb07e4f52536926c8898d1770d713cdd350b8877f816cb919688180d04372
Ubuntu Security Notice USN-6440-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-1 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 598cc5d139a12c8f709abd7b1310edc18543d27b190ad6ec74fe1916b728621c
Ubuntu Security Notice USN-6442-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6442-1 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4004, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 624ca94c1f61f0b559f33ddb2227d18b1b0967ea91bffacbc1c10b4b19320a6d
Ubuntu Security Notice USN-6441-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6441-1 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | a66b0d7f031b83030940495dffa4d55e99dd4144b4b592319cafa0610e3bf224
Ubuntu Security Notice USN-6444-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6444-1 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4244, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5197
SHA-256 | 8645d582e10335986115be5495a9fdd5e21177f253b7c4269b41af043d52fdd1
Ubuntu Security Notice USN-6439-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6439-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 72f14266ef2dab28b735ecdb9a984376148d27762c1aaf7bfb59ca14bddaaab9
Debian Security Advisory 5492-1
Posted Sep 11, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-1206, CVE-2023-1989, CVE-2023-20588, CVE-2023-2430, CVE-2023-2898, CVE-2023-34319, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3776, CVE-2023-3777, CVE-2023-3863, CVE-2023-4004, CVE-2023-4015
SHA-256 | 60277f2faef1ae1013aaa8886111d7c6bc6dc369ef63d5538109f991fe7534ea
Ubuntu Security Notice USN-6343-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6343-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-34319, CVE-2023-40283, CVE-2023-4128, CVE-2023-4155, CVE-2023-4194, CVE-2023-4273
SHA-256 | 7110047976f0ec67dc61de4540495873aa7a04b2a42b9e6129b9fe9d882af93f
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close