SB2024012652 - Dell EMC NetWorker vProxy update for third-party components
Published: January 26, 2024 Updated: January 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 63 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-3863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.
2) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
3) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
5) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2023-4622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2023-4623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
8) Use-after-free (CVE-ID: CVE-2023-4921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
9) Integer overflow (CVE-ID: CVE-2022-36402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.
10) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-2007)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition in dpt_i2o driver. A local privileged user can gain access to sensitive kernel information.
11) Division by zero (CVE-ID: CVE-2023-20588)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
12) Buffer overflow (CVE-ID: CVE-2023-34319)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.
13) NULL pointer dereference (CVE-ID: CVE-2023-3772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
14) Out-of-bounds write (CVE-ID: CVE-2023-3812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
15) Use-after-free (CVE-ID: CVE-2023-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
16) Resource exhaustion (CVE-ID: CVE-2023-1206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
17) Use-after-free (CVE-ID: CVE-2023-4128)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
18) Use-after-free (CVE-ID: CVE-2023-4132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
19) Use-after-free (CVE-ID: CVE-2023-4133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cxgb4 driver in the Linux kernel. A local user can trigger a use-after-free and crash the kernel.
20) Use-after-free (CVE-ID: CVE-2023-4134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cyttsp4_watchdog_work() in cyttsp4_core driver. A local user can trigger memory corruption and crash the kernel.
21) Type Confusion (CVE-ID: CVE-2023-4194)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.
The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).
22) NULL pointer dereference (CVE-ID: CVE-2023-4385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the dbFree() function in fs/jfs/jfs_dmap.c in the journaling file system (JFS). A local user can perform a denial of service (DoS) attack.
23) Double Free (CVE-ID: CVE-2023-4387)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can trigger a double free error and gain access to sensitive information or crash the kernel.
24) NULL pointer dereference (CVE-ID: CVE-2023-4459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
25) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
26) Key management errors (CVE-ID: CVE-2018-9234)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to missing enforcement of a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. A remote attacker can gain access to potentially sensitive information.
27) Memory leak (CVE-ID: CVE-2023-35945)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling HTTP/2 requests within the nghttp2 codec. A remote attacker can send RST_STREAM immediately followed by the GOAWAY frames to the application and force memory leak.
28) Resource exhaustion (CVE-ID: CVE-2023-3341)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling control channel messages . A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
29) Resource exhaustion (CVE-ID: CVE-2023-38039)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not limit the size of received headers from a single request that are stored for future reference. A remote attacker can send overly large HTTP responses to the application and consume all memory resources.
30) Out-of-bounds read (CVE-ID: CVE-2023-4156)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in builtin.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
31) Use-after-free (CVE-ID: CVE-2023-1859)
The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.
32) Use-after-free (CVE-ID: CVE-2023-1192)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
33) Cryptographic issues (CVE-ID: CVE-2023-20900)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper verification of SAML token signature. A remote attacker can bypass SAML token signature verification and perform man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine.
34) Heap-based buffer overflow (CVE-ID: CVE-2023-4781)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
35) Out-of-bounds write (CVE-ID: CVE-2023-5717)
The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
36) Heap-based buffer overflow (CVE-ID: CVE-2023-45853)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the zipOpenNewFileInZip4_64() function from MiniZip. A remote attacker can create a specially crafted archive, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) XML External Entity injection (CVE-ID: CVE-2022-48565)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the plistlib module. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
38) Race condition (CVE-ID: CVE-2022-48566)
The vulnerability allows a remote attacker to gain access to sensitive information,
The vulnerability exists due to a race condition in compare_digest in Lib/hmac.py. A remote attacker can exploit the race and gain unauthorized access to sensitive information.
39) Out-of-bounds read (CVE-ID: CVE-2020-22217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ares_parse_soa_reply() function in ares_parse_soa_reply.c. A remote attacker can trigger an out-of-bounds read error and crash the application.
40) Buffer overflow (CVE-ID: CVE-2022-4904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the config_sortlist() function. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
41) Heap-based buffer overflow (CVE-ID: CVE-2023-2137)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in sqlite. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
42) Use-after-free (CVE-ID: CVE-2023-5535)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the editing_arg_idx() function. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
43) Use-after-free (CVE-ID: CVE-2023-4733)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
44) Integer overflow (CVE-ID: CVE-2023-4734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the f_fullcommand() function in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
45) Out-of-bounds read (CVE-ID: CVE-2023-4735)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the do_addsub() function in ops.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
46) Buffer overflow (CVE-ID: CVE-2023-4738)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function in src/regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
47) Use-after-free (CVE-ID: CVE-2023-4752)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the ins_compl_get_exp() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
48) Division by zero (CVE-ID: CVE-2023-1127)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the scrolldown() function in move.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
49) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2023-1264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the utfc_ptr2len() function in mbyte.c.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
51) NULL pointer dereference (CVE-ID: CVE-2023-1355)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in within the class_object_index() function in vim9class.c in Vim. A remote attacker can perform a denial of service (DoS) attack.
52) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-2426)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to an out-of-range pointer offset within the mb_charlen() function in mbyte.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
53) NULL pointer dereference (CVE-ID: CVE-2023-2609)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_register() function in register.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
54) Integer overflow (CVE-ID: CVE-2023-2610)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the regtilde() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
55) Sequence of processor instructions leads to unexpected behavior (CVE-ID: CVE-2023-23583)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can execute arbitrary code with elevated privileges.
56) Improper Authorization (CVE-ID: CVE-2023-34058)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
57) Improper access control (CVE-ID: CVE-2023-34059)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
58) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
59) Use-after-free (CVE-ID: CVE-2023-1829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
60) Integer overflow (CVE-ID: CVE-2023-23559)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_query_oid() function in drivers/net/wireless/rndis_wlan.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
61) Out-of-bounds write (CVE-ID: CVE-2023-4692)
The vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
62) Out-of-bounds read (CVE-ID: CVE-2023-4693)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
63) Memory leak (CVE-ID: CVE-2020-36766)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in drivers/media/cec/core/cec-api.c in Linux kernel. A local user can force the system to leak memory.
Remediation
Install update from vendor's website.