USN-6250-1: Linux kernel vulnerabilities

Read Time:1 Minute, 53 Second

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)

It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of a nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in
the Ubuntu Linux kernel did not properly perform permission checks in
certain situations. A local attacker could possibly use this to gain
elevated privileges. (CVE-2023-32629)

Ruihan Li discovered that the memory management subsystem in the Linux
kernel contained a race condition when accessing VMAs in certain
conditions, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-3269)

Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3389)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data type, leading to an out-of-
bounds write vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

UK Romance Scams Spike 20% as Online Dating Grows

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

Android Improves Its Security

SuperCard X Enables Contactless ATM Fraud in Real-Time

Billbug Espionage Group Deploys New Tools in Southeast Asia

New Cryptojacking Malware Targets Docker with Novel Mining Technique

USN-6250-1: Linux kernel vulnerabilities

USN-7445-1: Linux kernel vulnerabilities

A Vulnerability in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution

USN-7402-5: Linux kernel (GCP) vulnerabilities

USN-7444-1: Synapse vulnerabilities

ZDI-CAN-26719: Delta Electronics

Erlang/OTP RCE (CVE-2025-32433)