what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2023-31436

Status Candidate

Overview

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Related Files

Kernel Live Patch Security Notice LSN-0099-1
Posted Nov 29, 2023
Authored by Benjamin M. Romer

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were discovered and addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2022-3643, CVE-2023-31436, CVE-2023-34319, CVE-2023-3567, CVE-2023-3609, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-40283, CVE-2023-42752, CVE-2023-42753, CVE-2023-4622, CVE-2023-4623
SHA-256 | ee52836c711111ecd52b6c4162409caa5a393b4ec4571f1e5de8d4ace83228b9
Ubuntu Security Notice USN-6460-1
Posted Oct 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-1206, CVE-2023-1380, CVE-2023-31436, CVE-2023-35001, CVE-2023-42752, CVE-2023-42755, CVE-2023-4623
SHA-256 | ccc14e1e2347798994b0336a3ccd2a0a1c44b24485ea7d3488a8ff85109c2c43
Kernel Live Patch Security Notice LSN-0096-1
Posted Jul 26, 2023
Authored by Benjamin M. Romer

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel
systems | linux
advisories | CVE-2023-1380, CVE-2023-30456, CVE-2023-31248, CVE-2023-31436, CVE-2023-35001
SHA-256 | f71c9e71db4bb6c2c048a5f92cbb08cec9d660d843f677df4000f97384e9be37
Kernel Live Patch Security Notice LSN-0095-1
Posted Jun 22, 2023
Authored by Benjamin M. Romer

It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2023-0386, CVE-2023-1380, CVE-2023-1872, CVE-2023-2612, CVE-2023-31436, CVE-2023-32233
SHA-256 | 9af3c677c764aab7902d47c2a505555b84fde68a690ae6e7624c01659fe90f86
Ubuntu Security Notice USN-6173-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6173-1 - Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2002, CVE-2023-2156, CVE-2023-2269, CVE-2023-31436, CVE-2023-32250, CVE-2023-32254
SHA-256 | ccc8ff95186bd726c8eb36757aaf6c8e4629e08f7a67c77b1f9fe8399317af8c
Ubuntu Security Notice USN-6162-1
Posted Jun 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6162-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | 051c13fde2c80844e27b2c57f0560451ad311ec00b445d14e7ef723cdc3f3a3a
Ubuntu Security Notice USN-6150-1
Posted Jun 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6150-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | 0acc6c7ad8dc0c5988138958ce21ae152b6621c4db1e8782277792c96cbaf6b5
Ubuntu Security Notice USN-6149-1
Posted Jun 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1073, CVE-2023-1380, CVE-2023-28328, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | 7519c27c454f92e04cb3775884c6e172222ac7d28f01614d4c927139473c0e92
Ubuntu Security Notice USN-6135-1
Posted Jun 5, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6135-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | 66a7b03c775050a82498ed2f444111107efb6e548a7e691d1c03a28b8eb3e17b
Ubuntu Security Notice USN-6130-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | eb8fea09209e1b2a9abd8095f300d58cce398ab3b53779fad1bc9628adcea281
Ubuntu Security Notice USN-6132-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6132-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3707, CVE-2023-0459, CVE-2023-1075, CVE-2023-1078, CVE-2023-1118, CVE-2023-1380, CVE-2023-1513, CVE-2023-2162, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233, CVE-2023-32269
SHA-256 | 3a2b50e313c2b4827e0511e7d699e0f91e738af1c052d4ce14e197ce64a96362
Ubuntu Security Notice USN-6131-1
Posted Jun 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | dc564d8e0327ead2dc5b56ea1fdacab2e8e966c41d956a83876c3ad9c642ef13
Ubuntu Security Notice USN-6127-1
Posted Jun 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436, CVE-2023-32233
SHA-256 | d5bebd00eb8fbd02af592148b36695e2ef824baceadfe6af62ac658584cf2947
Debian Security Advisory 5402-1
Posted May 15, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-0386, CVE-2023-31436, CVE-2023-32233
SHA-256 | ca0a9fd5ac26d144a3b3fe22c96089ab67f84776e3fc15dfb5ebef70147e7218
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close