8 matches found
Siemens SIMATIC Devices Out-of-bounds Read (CVE-2023-42755)
A flaw was found in the IPv4 Resource Reservation Protocol RSVP classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvpclassify function. This issue may allow a local user to crash the system and cause a denial of...
UBUNTU-CVE-2023-42755
A flaw was found in the IPv4 Resource Reservation Protocol RSVP classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the rsvpclassify function. This issue may allow a local user to crash the system and cause a denial of...
USN-6386-3 linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...
USN-6386-2 linux-raspi vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...
USN-6396-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Daniel Moghimi discovered that some IntelR Processors...
kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
A flaw was found in the TC flower classifier clsflower in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCAFLOWERKEYENCOPTSGENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters flsetgeneveopt,...
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...
kernel: use-after-free in route4_change() in net/sched/cls_route.c
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...