what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2023-4569

Status Candidate

Overview

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.

Related Files

Kernel Live Patch Security Notice LSN-0103-1
Posted May 1, 2024
Authored by Benjamin M. Romer

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, memory leak
systems | linux
advisories | CVE-2023-4569, CVE-2023-51781, CVE-2023-6817, CVE-2024-0193, CVE-2024-1085, CVE-2024-1086, CVE-2024-26597
SHA-256 | 9e5eb976874c7a13fcf2a71119849f5abece485528a92084501d9c7e0d3b4529
Kernel Live Patch Security Notice LSN-0102-1
Posted Apr 9, 2024
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, memory leak
systems | linux
advisories | CVE-2023-1872, CVE-2023-4569, CVE-2023-51781, CVE-2023-6176, CVE-2024-0646, CVE-2024-1086
SHA-256 | 5d360530cd59a1d5483a776654fdfec33b0978f21c0af5d79f7f2f3fb4c9a39c
Ubuntu Security Notice USN-6386-3
Posted Oct 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
SHA-256 | 9e6acdc1fc5617ecd41b5df8f4a74a5d8fff08867f2f3ba7e58deb983fa599cf
Ubuntu Security Notice USN-6386-2
Posted Sep 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
SHA-256 | 7cd557b2e2e3d2b14432e8c2e2789eb58ccb6872a0ba1afc3e86b015c5384f97
Ubuntu Security Notice USN-6386-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
SHA-256 | bb3fec09c344ab02a8e97c9b05a2f5ec011b794fb1ce3732497d718508ca5052
Ubuntu Security Notice USN-6384-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6384-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-4569
SHA-256 | 86d4f986dbf26d2b8344d0f408ab0eb7fb4ec29c9e1181c7b908d23ecbd28bf5
Ubuntu Security Notice USN-6383-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-21264, CVE-2023-40283, CVE-2023-4128, CVE-2023-4569
SHA-256 | c5be03314d6525a0dd88d31e6ba90e7d12a4b76d20a1e301e71a80a7805ade26
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close