15 matches found
EUVD-2023-44258
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
K000138731: Linux vulnerability CVE-2023-3776
Security Advisory Description A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in...
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
A double-free flaw was found in u32setparms in net/sched/clsu32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
A double-free flaw was found in u32setparms in net/sched/clsu32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...
kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
A use-after-free vulnerability was found in fwsetparms in net/sched/clsfw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
A double-free flaw was found in u32setparms in net/sched/clsu32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...
kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
A use-after-free vulnerability was found in fwsetparms in net/sched/clsfw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain loc...
CVE-2023-3609
A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...
CVE-2023-3776
A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker ca...
CVE-2023-3609
A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...
CVE-2023-3776 Use-after-free in Linux kernel's net/sched: cls_fw component
A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker ca...
CVE-2023-3776 Use-after-free in Linux kernel's net/sched: cls_fw component
A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker ca...
CVE-2023-3609 Use-after-free in Linux kernel's net/sched: cls_u32 component
A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...