Slackware Linux update for kernel

1) Out-of-bounds write

EUVDB-ID: #VU77502

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35788

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU75338

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU75336

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU78009

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3212

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU75323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2124

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack..

The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU78457

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3117

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU78007

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3390

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU77704

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-3338

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the DECnet socket in net/decnet/dn_nsp_out.c. A local user can trigger a NULL pointer dereference and perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Use-after-free

EUVDB-ID: #VU78779

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU78325

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31248

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU79478

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38432

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in fs/smb/server/smb2misc.c in ksmbd. A remote attacker can send specially crafted packets to the system to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU81662

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the void __handle_ksmbd_work() function in fs/smb/server/server.c when handling chained requests. A remote attacker can send specially crafted data to the ksmbd and perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU79476

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU81660

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-44466

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ceph_decode_32() function in net/ceph/messenger_v2.c in the Ceph filesystem when handling TCP packets. A remote attacker can send specially crafted HELLO or AUTH frames to trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU79712

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4132

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU78725

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48502

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ntfs_set_ea() function in fs/ntfs3/xattr.c in Linux kernel ntfs3 subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the OS kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU81661

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3865

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the ksmbd_smb2_check_message() function in fs/smb/server/smb2misc.c when parsing smb2_hdr structure. A remote user can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory or perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU78326

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-35001

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU79479

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU78572

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20593

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU80121

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3777

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU79498

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-4004

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

27) Buffer overflow

EUVDB-ID: #VU80123

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU79713

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-4147

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

29) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information exposure through microarchitectural state after transient execution

EUVDB-ID: #VU79262

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40982

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Information disclosure

EUVDB-ID: #VU79263

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20569

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Division by zero

EUVDB-ID: #VU79239

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20588

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU79486

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU80586

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_u32 component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU80580

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4206

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_route component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU80587

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4207

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_fw component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory leak

EUVDB-ID: #VU80584

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4569

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the nft_set_catchall_flush() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU81919

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39194

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Stack-based buffer overflow

EUVDB-ID: #VU79487

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4273

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the implementation of the file name reconstruction function in the exFAT driver in Linux kernel. A local user can trigger a stack overflow and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU80578

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU81693

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU81664

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds write

EUVDB-ID: #VU81663

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42753

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Integer overflow

EUVDB-ID: #VU80877

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42752

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the __alloc_skb() function. A local user can trigger integer overflow and crash the kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU82659

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39189

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU83381

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-45871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU81920

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39193

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU81921

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39192

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU82305

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42755

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU81452

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42754

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU80177

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4563

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the nft_verdict_dump() function of the nftables sub-component. A local user can trigger a race condition between set GC and transaction and perform a DoS attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU82306

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4244

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU82304

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5197

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Deadlock

EUVDB-ID: #VU81900

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-34324

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Division by zero

EUVDB-ID: #VU82660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31085

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU83440

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the vringh_kiov_advance() function in drivers/vhost/vringh.c in the host side of a virtio ring. A malicious guest can crash the host OS via zero length descriptor.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU82758

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35827

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper access control

EUVDB-ID: #VU82764

Risk: Low

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-46813

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

60) Out-of-bounds write

EUVDB-ID: #VU83311

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5717

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU82658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-5178

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Update the affected package kernel.

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

• cpe:2.3:o:slackware:slackware_linux:15.0:*:*:*:*:*:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-modules:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-huge:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-generic:*:*:*:*:*:slackware_linux:*:*
• cpe:2.3:o:slackware:linux-5.15.139_kernel-headers:*:*:*:*:*:slackware_linux:*:*

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.