10 matches found
EUVD-2023-44409
Malicious code in bioql PyPI...
EUVD-2023-54081
Malicious code in bioql PyPI...
kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...
K000138731: Linux vulnerability CVE-2023-3776
Security Advisory Description: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in...
RHEL 8 : kernel (RHSA-2023:5628)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5628 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: cls_u32 component...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) kernel:...
CVE-2023-4207
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updati...
Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-6330-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6330-1 advisory. Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions...
CVE-2023-3776
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker ca...
CVE-2023-3776 Use-after-free in Linux kernel's net/sched: cls_fw component
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker ca...