CVE-2023-0179

Published: 27/03/2023 | Updated: 11/08/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

In the Linux kernel prior to 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

cbq_classify in net/sched/sch_cbq.c in the Linux kernel up to and including 6.1.4 allows malicious users to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel up to and including 6.1.4 allows malicious users to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)

Vulnerable Product

linux linux kernel

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 22.04

fedoraproject fedora 36

fedoraproject fedora 37

redhat enterprise linux 9.0

redhat enterprise linux server for power little endian update services for sap solutions 9.0

redhat enterprise linux for power little endian eus 9.0

redhat enterprise linux for power little endian 9.0

redhat enterprise linux eus 9.0

redhat enterprise linux for real time for nfv 9.0

redhat enterprise linux for real time 9.0

redhat enterprise linux server 9.0

redhat enterprise linux for ibm z systems 9.0

redhat codeready_linux_builder -

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2022-2873: Zheyu Ma discovered that an out-of-bounds memory access flaw in the Intel iSMT SMBus 2.0 host controller driver may result in denial of service (system crash). CVE-2022-3545 ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat P ...
Synopsis: Important: kpatch-patch security update. Type/Severity: Security Advisory: Important. Topic: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Securit ...
Synopsis: Important: kpatch-patch security update. Type/Severity: Security Advisory: Important. Topic: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product S ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this upd ...
Description: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. A buffer overflow vulnerability was found in the Netfilter subsystem in the Li ...
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179) ...
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929) A buffer ove ...
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929) In Linux ker ...

Github Repositories

Needle (CVE-2023-0179) exploit. This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6. The vulnerability details and writeup can be found on oss-security. Building instructions: Just invoke the make needle com

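Exploit for CVE-2023-0179. The vulnerability was assigned CVE-2023-0179 and affects all Linux versions from 5.5 to 6.2-rc3; the exploit was tested on 6.1.6. The vulnerability details and writeup can be found on oss-security.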
