Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2023-1077

Published: 27/03/2023 Updated: 12/01/2024
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 0
Subscribe to Linux Kernel

Vulnerability Summary

kernel: Type confusion in pick_next_rt_entity(), which can result in memory corruption. (CVE-2023-1077) do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel up to and including 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 10.0

netapp a700s_firmware -

netapp 8300_firmware -

netapp 8700_firmware -

netapp a400_firmware -

netapp c400_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

Vendor Advisories

Amazon Linux 2: ALAS2LIVEPATCH-2023-119
kernel: Type confusion in pick_next_rt_entity(), which can result in memory corruption (CVE-2023-1077) do_tls_getsockopt in net/tls/tls_mainc in the Linux kernel through 626 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference) (CVE-2023-28466) ...
Amazon Linux 2: ALAS2KERNEL-5.15-2023-015
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1 An attacker at L2 with code execution can execute code on an indirect branch on the ...
Amazon Linux 2: ALAS2KERNEL-5.10-2023-028
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1 An attacker at L2 with code execution can execute code on an indirect branch on the ...
Amazon Linux 2: ALAS2LIVEPATCH-2023-120
kernel: Type confusion in pick_next_rt_entity(), which can result in memory corruption (CVE-2023-1077) do_tls_getsockopt in net/tls/tls_mainc in the Linux kernel through 626 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference) (CVE-2023-28466) ...
Amazon Linux 2: ALAS2LIVEPATCH-2023-121
kernel: Type confusion in pick_next_rt_entity(), which can result in memory corruption (CVE-2023-1077) do_tls_getsockopt in net/tls/tls_mainc in the Linux kernel through 626 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference) (CVE-2023-28466) ...
Amazon Linux 2: ALAS2KERNEL-5.4-2023-043
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1 An attacker at L2 with code execution can execute code on an indirect branch on the ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-843https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97https://lists.debian.org/debian-lts-announce/2023/05/msg00005.htmlhttps://security.netapp.com/advisory/ntap-20230511-0002/https://lists.debian.org/debian-lts-announce/2024/01/msg00004.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2023-119.htmlhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook