Lucene search
AmazonALAS2-2023-2206HistoryAug 17, 2023 - 11:58 a.m.
Medium: kernel
2023-08-1711:58:00
alas.aws.amazon.com
12
buffer overrun
use-after-free
xen netback driver
linux kernel
privilege escalation
denial of service
amazon linux 2
Issue Overview:
A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. (CVE-2023-34319)
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
New Packages:
aarch64:
kernel-4.14.322-244.536.amzn2.aarch64
kernel-headers-4.14.322-244.536.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.322-244.536.amzn2.aarch64
perf-4.14.322-244.536.amzn2.aarch64
perf-debuginfo-4.14.322-244.536.amzn2.aarch64
python-perf-4.14.322-244.536.amzn2.aarch64
python-perf-debuginfo-4.14.322-244.536.amzn2.aarch64
kernel-tools-4.14.322-244.536.amzn2.aarch64
kernel-tools-devel-4.14.322-244.536.amzn2.aarch64
kernel-tools-debuginfo-4.14.322-244.536.amzn2.aarch64
kernel-devel-4.14.322-244.536.amzn2.aarch64
kernel-debuginfo-4.14.322-244.536.amzn2.aarch64
i686:
kernel-headers-4.14.322-244.536.amzn2.i686
src:
kernel-4.14.322-244.536.amzn2.src
x86_64:
kernel-4.14.322-244.536.amzn2.x86_64
kernel-headers-4.14.322-244.536.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.322-244.536.amzn2.x86_64
perf-4.14.322-244.536.amzn2.x86_64
perf-debuginfo-4.14.322-244.536.amzn2.x86_64
python-perf-4.14.322-244.536.amzn2.x86_64
python-perf-debuginfo-4.14.322-244.536.amzn2.x86_64
kernel-tools-4.14.322-244.536.amzn2.x86_64
kernel-tools-devel-4.14.322-244.536.amzn2.x86_64
kernel-tools-debuginfo-4.14.322-244.536.amzn2.x86_64
kernel-devel-4.14.322-244.536.amzn2.x86_64
kernel-debuginfo-4.14.322-244.536.amzn2.x86_64
kernel-livepatch-4.14.322-244.536-1.0-0.amzn2.x86_64
Additional References
Red Hat: CVE-2023-34319, CVE-2023-4128
Mitre: CVE-2023-34319, CVE-2023-4128
Related
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2023-1803)
2023-08-23 00:00:00
Amazon Linux 2 : kernel (ALAS-2023-2206)
2023-08-23 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2023-051)
2023-08-23 00:00:00
amazon
amazon
Medium: kernel
2023-08-17 11:39:00
Important: kernel
2023-09-13 23:15:00
Important: kernel
2023-09-27 22:48:00
cve
cve
CVE-2023-34319
2023-09-22 14:15:45
CVE-2023-4128
2023-08-10 17:15:12
prion
prion
Buffer overflow
2023-09-22 14:15:00
Design/Logic Flaw in Fedoraproject - Fedora
2023-08-10 17:15:00
debiancve
debiancve
CVE-2023-34319
2023-09-22 14:15:45
CVE-2023-4128
2023-08-10 17:15:12
alpinelinux
alpinelinux
CVE-2023-34319
2023-09-22 14:15:45
cvelist
cvelist
CVE-2023-34319 Linux: buffer overrun in netback due to unusual packet
2023-09-22 13:34:44
xen
xen
Linux: buffer overrun in netback due to unusual packet
2023-08-08 15:53:00
ubuntucve
ubuntucve
redhatcve
redhatcve
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2023-09-20 04:43:28
Exploit for CVE-2023-4128
2023-09-19 06:45:47
cnvd
cnvd
Linux Kernel Memory Misreference Vulnerability (CNVD-2023-65165)
2023-08-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-4128 affecting package kernel for versions less than 5.15.126.1-1
2023-08-30 14:44:06
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2023-ddfd3073b3)
2023-08-10 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2023-638681260a)
2023-08-10 00:00:00
Ubuntu: Security Advisory (USN-6343-1)
2023-09-07 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: kernel-6.4.9-100.fc37
2023-08-10 00:43:46
[SECURITY] Fedora 38 Update: kernel-6.4.9-200.fc38
2023-08-10 00:43:18
[SECURITY] Fedora 38 Update: kernel-6.4.10-200.fc38
2023-08-14 01:34:28
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-09-06 00:00:00
Linux kernel vulnerabilities
2023-09-19 00:00:00
Linux kernel vulnerabilities
2023-09-26 00:00:00
osv
osv
linux-oem-6.1 vulnerabilities
2023-09-06 12:32:04
linux-bluefield, linux-raspi, linux-raspi-5.4 vulnerabilities
2023-09-26 22:44:13
redhat
redhat
(RHSA-2023:5580) Important: kpatch-patch security update
2023-10-10 10:10:40
(RHSA-2023:5588) Important: kernel-rt security and bug fix update
2023-10-10 14:00:01
(RHSA-2023:5589) Important: kernel security and bug fix update
2023-10-10 14:00:09
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0458
2023-08-27 00:00:00
citrix
citrix
virtuozzo
virtuozzo
ibm
ibm
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-08-23 22:56:41
Updated kernel packages fix security vulnerabilities
2023-08-23 22:56:41
oraclelinux
oraclelinux
kernel security update
2023-11-22 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2024-01-12 19:36:38