Hi!
Here is this week's CVE report.
This week there were 4 new CVEs and 3 updated CVEs.
* New CVEs
CVE-2023-0047: Out of memory in local cgroup's memory may cause denial
of service outside its area
CVSS v3 score is not provided
According to the Red Hat bugzilla, "A Linux Kernel flaw found in
memory management. If allocation failure happens in
pagefault_out_of_memory with VM_FAULT_OOM,
then it can lead to memory overflow when many tasks trigger this. An
issue may cause multi-tenant denial of service (memory overflow).
It was reported that a malicious workload may be allowed to OOM-kill
random other workloads on the same node."
Kernel 4.4 looks to be affected by this vulnerability.
Fixed status
mainline: [60e2793d440a3ec95abb5d6d4fc034a4b480472d]
stable/4.14: [bed55513692e0dc720f02ad7da3e528c55e0b663]
stable/4.19: [d508b70eaa8d6d994c289b757c0ca0355d4dbe29]
stable/4.9: [973b61a5f3ba6690624d109a68cca35d0348b91f]
stable/5.10: [1d457987366f7a92d03e03df80f9a63040133233]
stable/5.15: [c15aeead2488b3b28db6863f9f2ba2338e3c9838]
stable/5.4: [66938ba1285778634276a4b4028de367d7f1e8c2]
CVE-2023-0122: NVME driver: null pointer dereference in
drivers/nvme/target/auth.c
CVSS v3 score is not provided
There is a NULL pointer dereference in nvmet_setup_auth. This bug was
introduced by commit db1312dd ("nvmet: implement basic In-Band
Authentication") in 6.0-rc1.
4.x and 5.x kernels are not affected by this vulnerability.
Fixed status
mainline: [da0342a3aa0357795224e6283df86444e1117168]
CVE-2022-4696: io_uring: add missing item types for splice request
CVSS v3 score is not provided (NIST)
CVSS v3 score is 7.8 (CNA)
There exists a use-after-free vulnerability in the Linux kernel
through io_uring and the IORING_OP_SPLICE operation.
IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals
that the operation will not use current->nsproxy, so its reference
counter is not increased. This assumption is not always true: calling
io_splice on specific files will call the get_uts function, which uses
current->nsproxy, leading to its reference counter being invalidly
decreased later and causing the use-after-free vulnerability.
fs/io_wq.[hc] are not present in 5.4.
Fixed status
mainline: [44526bedc2ff8fcd58552e3c5bae928524b6f13c]
stable/5.10: [75454b4bbfc7e6a4dd8338556f36ea9107ddf61a]
CVE-2023-0210: ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in
ksmbd_decode_ntlmssp_auth_blob
CVSS v3 score is not provided
There is a heap overflow bug in ksmbd_decode_ntlmssp_auth_blob, in
which nt_len can be less than CIFS_ENCPWD_SIZE.
This vulnerability was introduced by commit e2f3448 ("cifsd: add
server-side procedures for SMB3") in 5.15-rc1.
Kernels older than 5.15 are not affected by this issue.
Fixed status
mainline: [797805d81baa814f76cf7bdab35f86408a79d707]
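As an added illustration of the bug class this entry describes (this is not ksmbd's code; the message layout, the field names and the ENCPWD_SIZE stand-in for CIFS_ENCPWD_SIZE are constructed for the example), the following C program shows the unchecked length arithmetic next to a decoder that validates the NT response length against the fixed-size response hash, and against the message bounds, before anything is copied:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class behind CVE-2023-0210; this is
 * not ksmbd's code and the message layout is simplified. ENCPWD_SIZE
 * stands in for CIFS_ENCPWD_SIZE: the fixed-size response hash that
 * precedes the variable-length client blob inside the NT response. */
#define ENCPWD_SIZE 16u
#define HDR_LEN     20u   /* 8 signature + 4 type + 8 NT-response descriptor */

/* Little-endian field helpers (the wire format is little-endian). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The unchecked arithmetic: when the 16-bit Length field is smaller than
 * ENCPWD_SIZE, the unsigned subtraction wraps to a huge byte count, which a
 * later copy or parse would then trust. */
unsigned int client_blob_len_unchecked(uint16_t nt_length)
{
    unsigned int nt_len = nt_length - ENCPWD_SIZE;  /* wraps for nt_length < 16 */
    return nt_len;
}

enum { AUTH_OK = 0, AUTH_EINVAL = -1 };

/* Hardened decoder: every length is validated before it is used. On success
 * the client blob (the bytes after the response hash) is copied to out. */
int decode_nt_response(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < HDR_LEN || memcmp(msg, "NTLMSSP", 8) != 0 || rd32(msg + 8) != 3)
        return AUTH_EINVAL;

    uint16_t nt_length = rd16(msg + 12);
    uint32_t nt_offset = rd32(msg + 16);

    /* The check the CVE-2023-0210 fix adds: the NT response must at least
     * hold the fixed-size response hash, otherwise nt_len underflows. */
    if (nt_length < ENCPWD_SIZE)
        return AUTH_EINVAL;

    /* The response must also lie entirely inside the received message. */
    if (nt_offset > msg_len || nt_length > msg_len - nt_offset)
        return AUTH_EINVAL;

    size_t nt_len = (size_t)nt_length - ENCPWD_SIZE;
    if (nt_len > out_cap)
        return AUTH_EINVAL;

    memcpy(out, msg + nt_offset + ENCPWD_SIZE, nt_len);
    *out_len = nt_len;
    return AUTH_OK;
}

/* Build a constructed AUTHENTICATE message: header, then payload_len bytes
 * of 0xAA right after it, with the descriptor claiming nt_length bytes. */
size_t build_auth_msg(uint8_t *buf, size_t cap, uint16_t nt_length, size_t payload_len)
{
    if (cap < HDR_LEN + payload_len)
        return 0;
    memcpy(buf, "NTLMSSP", 8);          /* 7 characters plus the terminating NUL */
    wr32(buf + 8, 3);                    /* AUTHENTICATE message type */
    wr16(buf + 12, nt_length);           /* NtChallengeResponse.Length */
    wr16(buf + 14, nt_length);           /* MaximumLength */
    wr32(buf + 16, HDR_LEN);             /* BufferOffset */
    memset(buf + HDR_LEN, 0xAA, payload_len);
    return HDR_LEN + payload_len;
}

/* Build and decode in one step; returns the client blob length on success
 * or -1 when the decoder rejects the message. */
long try_decode(uint16_t nt_length, size_t payload_len)
{
    uint8_t msg[256], out[256];
    size_t msg_len = build_auth_msg(msg, sizeof msg, nt_length, payload_len);
    size_t out_len = 0;
    if (msg_len == 0 || decode_nt_response(msg, msg_len, out, sizeof out, &out_len) != AUTH_OK)
        return -1;
    return (long)out_len;
}

int main(void)
{
    printf("unchecked nt_len for Length=4: %u\n", client_blob_len_unchecked(4));
    printf("Length=20 with 20 payload bytes -> %ld\n", try_decode(20, 20));  /* 4 */
    printf("Length=4  with 20 payload bytes -> %ld\n", try_decode(4, 20));   /* -1 */
    printf("Length=40 with 20 payload bytes -> %ld\n", try_decode(40, 20));  /* -1 */
    return 0;
}
```

The two checks are deliberately separate: the first (Length >= ENCPWD_SIZE) is the one the fix title names and guards the subtraction itself, while the second (offset plus Length inside the message) is the bounds check any parser of an attacker-supplied length descriptor needs regardless of the subtraction.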
* Updated CVEs
CVE-2022-36280: An out-of-bounds (OOB) memory access vulnerability was
found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c
Stable 6.0 and 6.1 have been fixed.
Fixed status
mainline: [4cf949c7fafe21e085a4ee386bb2dade9067316e]
stable/6.0: [4d54d11b49860686331c58a00f733b16a93edfc4]
stable/6.1: [622d527decaac0eb65512acada935a0fdc1d0202]
CVE-2022-41218: media: dvb-core: Fix UAF due to refcount races at releasing
Stable 6.0 and 6.1 have been fixed.
Fixed status
mainline: [fd3d91ab1c6ab0628fe642dd570b56302c30a792]
stable/6.0: [55870fc9e45faa9a65860bcd6b0f8ca8c99afe44]
stable/6.1: [530ca64b44625f7d39eb1d5efb6f9ff21da991e2]
CVE-2022-3707: Double-free in split_2MB_gtt_entry when function
intel_gvt_dma_map_guest_page failed
This bug was introduced by commit b901b252 ("drm/i915/gvt: Add 2M huge
gtt support") in 4.19-rc1.
Fixed status
mainline: [4a61648af68f5ba4884f0e3b494ee1cabc4b6620]
* Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
No fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@...
       masami.ichikawa@...