Read Time:1 Minute, 57 Second

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

It was discovered that the Human Interface Device (HID) support driver in
the Linux kernel contained a type confusion vulnerability in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the NFS implementation in the Linux kernel did not
properly handle pending tasks in some situations. A local attacker could
use this to cause a denial of service (system crash) or expose sensitive
information (kernel memory). (CVE-2023-1652)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Read More

More Stories

kernel-6.3.7-100.fc37

FEDORA-2023-4426b7005f Packages in this update: kernel-6.3.7-100.fc37 Update description: The 6.3.7 stable kernel update contains a number of important fixes across...

kernel-6.3.7-200.fc38

FEDORA-2023-75b22000cd Packages in this update: kernel-6.3.7-200.fc38 Update description: The 6.3.7 stable kernel update contains a number of important fixes across...

chromium-114.0.5735.106-1.fc38

FEDORA-2023-6fe7ff3452 Packages in this update: chromium-114.0.5735.106-1.fc38 Update description: update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Read More

chromium-114.0.5735.106-1.el8

FEDORA-EPEL-2023-c018b37680 Packages in this update: chromium-114.0.5735.106-1.el8 Update description: update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Read More

chromium-114.0.5735.106-1.fc37

FEDORA-2023-f4954af225 Packages in this update: chromium-114.0.5735.106-1.fc37 Update description: update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Read More

chromium-114.0.5735.106-1.el9

FEDORA-EPEL-2023-5b8cf596eb Packages in this update: chromium-114.0.5735.106-1.el9 Update description: update to 114.0.5735.106. Fixes the following security issue: CVE-2023-3709 Read More

Generated by Feedzy