Lucene search

K
amazonAmazonALAS-2023-1803
HistoryAug 17, 2023 - 11:39 a.m.

Medium: kernel

2023-08-1711:39:00
alas.aws.amazon.com
24
buffer overrun
xen
netback driver
use-after-free
linux kernel
local privilege escalation
denial of service
information leak
network security

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

Issue Overview:

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. (CVE-2023-34319)

A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:  
    perf-debuginfo-4.14.322-170.535.amzn1.i686  
    kernel-devel-4.14.322-170.535.amzn1.i686  
    kernel-tools-debuginfo-4.14.322-170.535.amzn1.i686  
    kernel-debuginfo-4.14.322-170.535.amzn1.i686  
    kernel-tools-devel-4.14.322-170.535.amzn1.i686  
    kernel-debuginfo-common-i686-4.14.322-170.535.amzn1.i686  
    perf-4.14.322-170.535.amzn1.i686  
    kernel-tools-4.14.322-170.535.amzn1.i686  
    kernel-4.14.322-170.535.amzn1.i686  
    kernel-headers-4.14.322-170.535.amzn1.i686  
  
src:  
    kernel-4.14.322-170.535.amzn1.src  
  
x86_64:  
    kernel-debuginfo-common-x86_64-4.14.322-170.535.amzn1.x86_64  
    kernel-debuginfo-4.14.322-170.535.amzn1.x86_64  
    perf-debuginfo-4.14.322-170.535.amzn1.x86_64  
    kernel-devel-4.14.322-170.535.amzn1.x86_64  
    perf-4.14.322-170.535.amzn1.x86_64  
    kernel-4.14.322-170.535.amzn1.x86_64  
    kernel-headers-4.14.322-170.535.amzn1.x86_64  
    kernel-tools-4.14.322-170.535.amzn1.x86_64  
    kernel-tools-devel-4.14.322-170.535.amzn1.x86_64  
    kernel-tools-debuginfo-4.14.322-170.535.amzn1.x86_64  

Additional References

Red Hat: CVE-2023-34319, CVE-2023-4128

Mitre: CVE-2023-34319, CVE-2023-4128

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%