The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. The original patches fixing CVE-2023-1076 are incorrect or incomplete. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. This was deemed as a false positive both by the reporter and upstream kernel. A flaw was found in the Linux kernel's TUN/TAP functionality. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. This issue may allow a local attacker to crash the system due to a missing sanity check. A flaw was found in the exFAT driver of the Linux kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel.
This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information. A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak. A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel.