Hi!
It's this week's CVE report.
This week reported 6 new CVEs and 2 updated CVEs.
* New CVEs
CVE-2023-28466: net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
CVSS v3 score is 7.0 HIGH.
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through
6.2.6 lacks a lock_sock call, leading to a race condition (with a
resultant use-after-free or NULL pointer dereference).
This bug was introduced by commit 3c4d755 ("tls: kernel TLS support")
in 4.13-rc1. The 4.4 kernels aren't affected.
Fixed status
mainline: [49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962]
stable/6.1: [14c17c673e1bba08032d245d5fb025d1cbfee123]
stable/6.2: [5231fa057bb0e52095591b303cf95ebd17bc62ce]
CVE-2022-48423: An out-of-bounds write was found in the ntfs3 driver
CVSS v3 score is not provided.
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate
resident attribute names. An out-of-bounds write may occur.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.
Fixed status
mainline: [54e45702b648b7c0000e90b3e9b890e367e16ea8]
stable/5.15: [3a52f17867727818ae8dbcfd9425033df32f92e0]
stable/6.1: [2f041a19f4eb72bcc851f9e3a15f3cfd1ae1addf]
CVE-2022-48424: An out-of-bounds memory access bug was found in the ntfs3 driver
CVSS v3 score is not provided.
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate
the attribute name offset. An unhandled page fault may occur.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.
Fixed status
mainline: [4f1dc7d9756e66f3f876839ea174df2e656b7f79]
stable/5.15: [c878a915bcb992c12a97ebae1013e377158f560a]
stable/6.1: [b343c40bb7ff9095430c3f31468a59f8a760dabd]
CVE-2022-48425: fs/ntfs3: Validate MFT flags before replaying logs
CVSS v3 score is not provided.
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid
kfree because it does not validate MFT flags before replaying logs.
The ntfs3 module was introduced in 5.15-rc1, so kernels before 5.15
aren't affected.
Fixed status
A patch is available in linux-next.
CVE-2023-1281: net/sched: tcindex: imperfect hash filters
CVSS v3 score is not provided (NIST).
CVSS v3 score is 7.8 HIGH (CNA).
A race condition bug causes a use-after-free in the net/sched subsystem.
This bug was introduced by commit 9b0d444 ("net: sched: avoid atomic
swap in tcf_exts_change") in 4.14-rc1, so 4.4 is not affected.
Fixed status
mainline: [ee059170b1f7e94e55fa6cadee544e176a6e59c2]
stable/5.10: [eb8e9d8572d1d9df17272783ad8a84843ce559d4]
stable/5.15: [becf55394f6acb60dd60634a1c797e73c747f9da]
stable/6.1: [bd662ba56187b5ef8a62a3511371cd38299a507f]
CVE-2023-1513: kvm: initialize all of the kvm_debugregs structure
before sending it to userspace
CVSS v3 score is not provided.
A kernel information leak bug was found when processing the
KVM_GET_DEBUGREGS ioctl in kvm_vcpu_ioctl_x86_get_debugregs() in the
kvm subsystem.
It may leak information from an uninitialized kvm_debugregs structure.
Kernel 4.4 might be affected by this issue.
Fixed status
mainline: [2c10b61421a28e95a46ab489fd56c0f442ff6952]
stable/4.14: [1d43de93b35d85981006ec3c52c0cad8af1f2f6a]
stable/4.19: [669c76e55de332fbcbce5b74fccef1b4698a8936]
stable/5.10: [6416c2108ba54d569e4c98d3b62ac78cb12e7107]
stable/5.15: [35351e3060d67eed8af1575d74b71347a87425d8]
stable/5.4: [9f95a161a7deef62d6d2f57b1a69f94e0546d8d8]
stable/6.1: [747ca7c8a0c7bce004709143d1cd6596b79b1deb]
* Updated CVEs
CVE-2022-38457: A use-after-free (UAF) vulnerability in the vmwgfx driver
Mainline and stable 6.1 have been fixed.
It was introduced by commit e14c02e ("drm/vmwgfx: Look up objects
without taking a reference") in 4.20-rc1, so kernels before 4.20 aren't
affected.
Fixed status
mainline: [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
stable/6.1: [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
CVE-2022-40133: A use-after-free (UAF) vulnerability in the vmwgfx driver
Mainline and stable 6.1 have been fixed.
It was introduced by commit e14c02e ("drm/vmwgfx: Look up objects
without taking a reference") in 4.20-rc1, so kernels before 4.20 aren't
affected.
Fixed status
mainline: [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
stable/6.1: [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
Currently tracking CVEs
CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2
There is no fix information.
CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM
No fix information.
CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning
No fix information.
CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning
No fix information.
Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email: masami.ichikawa@...