Main Vulnerability Database SB2023062251

SB2023062251 - Slackware Linux update for kernel

Published: June 22, 2023 Updated: June 16, 2024

Security Bulletin ID SB2023062251

Severity

Medium

Patch available

YES

Number of vulnerabilities 42

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 42 secuirty vulnerabilities.

1) Improper Initialization (CVE-ID: CVE-2022-2196)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization within nVMX in Linux kernel. A local user can perform speculative execution attacks and escalate privileges on the system.

2) Cross-thread return address predictions (CVE-ID: CVE-2022-27672)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.

3) Double Free (CVE-ID: CVE-2022-3707)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.

4) Deadlock (CVE-ID: CVE-2022-4269)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

5) Use-after-free (CVE-ID: CVE-2022-4379)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.

6) Release of invalid pointer or reference (CVE-ID: CVE-2022-48425)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an invalid kfree in fs/ntfs3/inode.c caused by improper validation of MFT flags before replaying logs. A local user can execute arbitrary code with elevated privileges.

7) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-0459)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.

8) Type Confusion (CVE-ID: CVE-2023-1076)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

9) Type Confusion (CVE-ID: CVE-2023-1077)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

10) Out-of-bounds write (CVE-ID: CVE-2023-1078)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

11) Use-after-free (CVE-ID: CVE-2023-1079)

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.

12) Use-after-free (CVE-ID: CVE-2023-1118)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

13) Use-after-free (CVE-ID: CVE-2023-1281)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.

14) Out-of-bounds read (CVE-ID: CVE-2023-1380)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.

15) Improper Initialization (CVE-ID: CVE-2023-1513)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

16) Use-after-free (CVE-ID: CVE-2023-1611)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.

17) Use-after-free (CVE-ID: CVE-2023-1670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.

18) Use-after-free (CVE-ID: CVE-2023-1829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

19) Use-after-free (CVE-ID: CVE-2023-1855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.

20) Use-after-free (CVE-ID: CVE-2023-1859)

The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.

21) Use-after-free (CVE-ID: CVE-2023-1989)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a use-after-free error and escalate privileges on the system.

22) Use-after-free (CVE-ID: CVE-2023-1990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2002)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

24) Reachable Assertion (CVE-ID: CVE-2023-2156)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling IPv6 RPL protocol. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

25) Use-after-free (CVE-ID: CVE-2023-2162)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

26) Out-of-bounds write (CVE-ID: CVE-2023-2194)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's SLIMpro I2C device driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

27) Use-after-free (CVE-ID: CVE-2023-2235)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

28) Improper locking (CVE-ID: CVE-2023-2269)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2023-23004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

30) Race condition (CVE-ID: CVE-2023-2483)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in Qualcomm EMAC Gigabit Ethernet Controller. An attacker with physical access to system can remove the device before cleanup in the emac_remove() function is called, trigger a use-after-free error and crash the kernel.

31) Use-after-free (CVE-ID: CVE-2023-25012)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.

32) Double Free (CVE-ID: CVE-2023-26545)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

33) Race condition (CVE-ID: CVE-2023-28466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

34) Use-after-free (CVE-ID: CVE-2023-2985)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the hfsplus_put_super() function in fs/hfsplus/super.c. A local user can trigger a use-after-free error and crash the kernel.

35) Input validation error (CVE-ID: CVE-2023-30456)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.

36) Race condition (CVE-ID: CVE-2023-30772)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.

37) Out-of-bounds write (CVE-ID: CVE-2023-31436)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

38) Use-after-free (CVE-ID: CVE-2023-32233)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter nf_tables when processing batch requests. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

39) Use-after-free (CVE-ID: CVE-2023-32269)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that the system has netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

40) Race condition (CVE-ID: CVE-2023-33203)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.

41) Use-after-free (CVE-ID: CVE-2023-33288)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bq24190_remove function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.

42) Out-of-bounds read (CVE-ID: CVE-2023-34256)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within crc16 in lib/crc16.c when called from fs/ext4/super.c. A local user can trigger an out-of-bounds read error and crash the kernel.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.816190

SB2023062251 - Slackware Linux update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human