ROS-20230904-01

Published: 2023-09-04 00:00:00
Source: redos.red-soft.ru

CVSS3: 7.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 5 Medium
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.008 Low
  Percentile: 81.9%

A vulnerability in the qfq_change_class() function of the Linux kernel is related to an operation exceeding buffer boundaries in memory when processing the QFQ_MIN_LMAX value. Exploitation of the vulnerability could allow an intruder to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the ntfs_set_ea() function in the fs/ntfs3/xattr.c module of the ntfs file system driver in the Linux kernel is related to reading data outside the allocated buffer due to incorrect buffer boundary definition. Exploitation of the vulnerability could allow an intruder to gain access to protected information or cause a denial of service.

A vulnerability in the f2fs_write_end_io() function in the fs/f2fs/data.c module of the f2fs file system of the Linux kernel is related to dereferencing a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the vcs_read() function in the drivers/tty/vt/vc_screen.c module of the Linux kernel is related to the use of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information.

A vulnerability in the xfrm_update_ae_params() function in the net/xfrm/xfrm_user.c module of the XFRM subsystem of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the nft_pipapo_remove() function in the net/netfilter/nft_set_pipapo.c module of the netfilter subsystem of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of protected information or to escalate privileges.

A vulnerability in the cedrus_remove() function in the drivers/staging/media/sunxi/cedrus/cedrus.c module of the Allwinner sunXi driver of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

A vulnerability in the mctp_unregister() function of the Linux kernel is related to the use of memory after it has been freed when processing the mdev->addrs object. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the Linux kernel is related to a race condition when removing a module before cleanup in the r592_remove function of the Linux kernel's r592 device driver. Exploitation of the vulnerability could allow an attacker to cause a use-after-free, which could lead to a system crash or other undefined behavior.

A vulnerability in the Linux kernel DVB driver is related to the use of previously freed memory in the drivers/media/dvb-core/dvb_net.c module, caused by a race condition between the disconnect and dvb_device_open functions. Exploitation of the vulnerability could allow an attacker to cause a denial of service or to escalate their privileges.

A vulnerability in the qfq_change_agg() function in the net/sched/sch_qfq.c module of the Linux kernel is related to writing outside the allocated buffer due to lack of boundary control. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of protected information or elevate their privileges on the system.

A vulnerability in the Linux kernel networking subsystem is related to the lack of proper handling of user-supplied data. Exploitation of the vulnerability could allow an attacker, acting remotely, to send specially crafted packets to the system and perform a denial-of-service attack.

A vulnerability in the init_cea_offsets() function in the /arch/x86/mm/cpu_entry_area.c module of the memory management subsystem of the Linux kernel is related to the availability of the per-cpu memory area to the user address space. Exploitation of the vulnerability could allow an attacker to gain access to protected information and escalate privileges.

A vulnerability in the usb_giveback_urb function of the Linux kernel is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability allows an attacker to cause a denial of service.

The StackRot vulnerability in the memory management subsystem of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate privileges or cause a denial of service.

A vulnerability in the l2cap_sock_release function (net/bluetooth/l2cap_sock.c) of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service or other impact.

A vulnerability in the cxgb4_cleanup_tc_flower() function in the drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c module of the Chelsio cxgb4 driver of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the net/sched component of the Linux kernel is related to the reuse of previously freed memory in the fw_change() function in the net/sched/cls_fw.c module, as well as u32_init_knode() in net/sched/cls_u32 and route4_change() in net/sched/cls_route.c. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of protected information or elevate their privileges.

A vulnerability in the u32_set_parms() function in the net/sched/cls_u32.c module of the Linux kernel is related to incorrect maintenance of usage counters. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data.

A vulnerability in the Linux kernel is related to a memory leak in drivers/media/usb/ttusb-dec/ttusb_dec.c due to a missing dvb_frontend_detach call. Exploitation of the vulnerability could allow an attacker to perform a denial-of-service attack.

A vulnerability in the renesas_usb3_remove() function in the drivers/usb/gadget/udc/renesas_usb3.c module of the Renesas USB device driver of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the Netfilter subsystem of the Linux kernel is related to the use of memory after it has been freed when processing the NFT_MSG_NEWRULE parameter. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the xfs_btree_lookup_get_block() function of the Linux kernel is related to the use of
memory after it has been freed. Exploitation of the vulnerability could allow an attacker to impact the
confidentiality, integrity, and availability of protected information.

A vulnerability in the io_poll_update() function in the io_uring/io_uring.c module of the Linux kernel is related to the use of previously freed memory. Exploitation of the vulnerability could allow an attacker to escalate their privileges.

A vulnerability in the nft_byteorder_eval() function in the net/netfilter/nft_byteorder.c module of the Linux kernel is related to an operation exceeding buffer boundaries in memory when processing pointers. Exploitation of the vulnerability may allow an intruder to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the Linux kernel is related to a boundary condition in the SR-IPv6 implementation during seg6 attribute processing. Exploitation of the vulnerability could allow an attacker to cause a read outside the acceptable range and read the memory contents of the system.

A vulnerability in the IPv6 protocol implementation of the Linux kernel is related to uncontrolled resource consumption during hash table processing. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service by sending multiple SYN requests.

A vulnerability in the dm1105_remove() function in the drivers/media/pci/dm1105/dm1105.c module of the TV tuner driver for the DM1105 chip of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an intruder to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the do_journal_end() function in the fs/reiserfs/journal.c module of the reiserfs file system of the Linux kernel is related to a buffer overrun. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the XFS file system of the Linux kernel is related to insufficient control of metadata when mounting images with the XFS file system in the xlog_recover_buf_commit_pass2() function in the fs/xfs/xfs_buf_item_recover.c module. Exploitation of the vulnerability could allow an attacker to cause a denial of service or escalate privileges.

A vulnerability in the fw_set_parms() function in the net/sched/cls_fw.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of protected information and to elevate their privileges.

A vulnerability in the DVB driver (drivers/media/dvb-core/dvb_frontend.c) of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or escalate privileges.

A vulnerability in the nft_immediate_destroy() function in the net/netfilter/nft_immediate.c module of the Netfilter subsystem of the Linux kernel is related to incorrect maintenance of usage counters. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of data.

A vulnerability in the nf_tables_commit() function in the net/netfilter/nf_tables_api.c module of the Linux kernel is related to incorrect list deletion. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data, or elevate their privileges on the system and execute arbitrary code.

A vulnerability in the submit_lookup_cmds() function of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the XFRM subsystem of the Linux kernel is related to reading memory outside the boundaries of the allocated buffer in the net/xfrm/xfrm_user.c module. Exploitation of the vulnerability could allow an attacker to gain access to protected information.

A vulnerability in the tun_napi_alloc_frags() function in the drivers/net/tun.c module of the TUN/TAP driver of the Linux kernel is related to the lack of control over the boundaries of the allocated buffer. Exploitation of the vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected information or escalate their privileges.

A vulnerability in the rkvdec_remove() function in the drivers/staging/media/rkvdec/rkvdec.c module of the Rockchip Video Decoder driver of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the nft_chain_lookup_byid() function in the net/netfilter/nf_tables_api.c module of the netfilter subsystem of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an intruder to escalate privileges and impact the confidentiality, integrity, and availability of protected information.

A vulnerability in the tap_open() function in the drivers/net/tap.c module of the TUN/TAP driver of the Linux kernel is related to incorrect UID initialization. Exploitation of the vulnerability could allow an attacker to impact data integrity or elevate privileges.

A vulnerability in the do_submit_urb() function in the drivers/media/usb/siano/smsusb.c module of the siano digital TV driver of the Linux kernel is related to the use of previously freed memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the netfilter firewall of the Linux kernel is related to incorrect handling when adding rules in the nf_tables_newrule() function in the net/netfilter/nf_tables_api.c module. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the Linux operating system kernel IPVLAN driver is related to writing beyond buffer boundaries in
memory. Exploitation of the vulnerability could allow an attacker to escalate his privileges.

A vulnerability in AMD processor firmware is related to a lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to determine the memory contents of other users’ processes.

A vulnerability in the r592_remove() function in the drivers/memstick/host/r592.c module of the Linux kernel is related to the use of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to impact the confidentiality and availability of protected information.

A vulnerability in the nfc_llcp_find_local() function in the net/nfc/llcp_core.c module of the Linux operating system kernel
is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow
an attacker to affect confidentiality, integrity and availability of protected information.

A vulnerability in the sock_hash_delete_elem() function in the net/core/sock_map.c module of the Linux kernel is related to incorrect serialization of the htab->buckets[i].lock resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the xen_9pfs_front_remove() function in the net/9p/trans_xen.c module of the Xen hypervisor of the Linux operating system kernel is related to a race condition. Exploitation of the vulnerability could allow an attacker to gain access to protected information or cause a denial of service.

A vulnerability in the saa7134_finidev() function in the drivers/media/pci/saa7134/saa7134-core.c module of the Philips SAA7134 driver of the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Intel processor firmware vulnerability is related to information leakage from vector
registers. Exploitation of the vulnerability could allow an attacker to gain access to protected information.

A vulnerability in the nft_set_lookup_global() function of the Netfilter subsystem of the Linux kernel is related to the use of memory after it has been freed when processing batch requests. Exploitation of the vulnerability could allow an attacker to escalate privileges and cause a denial of service.

OS     Version  Architecture  Package    Version      Filename
redos  7.3      x86_64        kernel-lt  <= 6.1.44-1  UNKNOWN
