A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588) A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390) A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2023-4004) A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local malicious user to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID (CVE-2023-4147) A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. (CVE-2023-4273)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |
||
amd epyc 7351p firmware - |
||
amd epyc 7401p firmware - |
||
amd epyc 7551p firmware - |
||
amd epyc 7251 firmware - |
||
amd epyc 7261 firmware - |
||
amd epyc 7281 firmware - |
||
amd epyc 7301 firmware - |
||
amd epyc 7351 firmware - |
||
amd epyc 7371 firmware - |
||
amd epyc 7401 firmware - |
||
amd epyc 7451 firmware - |
||
amd epyc 7501 firmware - |
||
amd epyc 7551 firmware - |
||
amd epyc 7571 firmware - |
||
amd epyc 7601 firmware - |
||
amd ryzen 5 pro 3400g firmware - |
||
amd ryzen 5 3400g firmware - |
||
amd ryzen 5 pro 3400ge firmware - |
||
amd ryzen 5 pro 3350g firmware - |
||
amd ryzen 5 pro 3350ge firmware - |
||
amd ryzen 3 pro 3200g firmware - |
||
amd ryzen 3 3200g firmware - |
||
amd ryzen 3 3200ge firmware - |
||
amd ryzen 3 pro 3200ge firmware - |
||
amd athlon pro 300ge firmware - |
||
amd athlon gold 3150ge firmware - |
||
amd athlon gold pro 3150ge firmware - |
||
amd athlon gold 3150g firmware - |
||
amd athlon gold pro 3150g firmware - |
||
amd athlon silver 3050ge firmware - |
||
amd athlon silver pro 3125ge firmware - |
||
xen xen - |
||
fedoraproject fedora 37 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
microsoft windows server 2008 r2 |
||
microsoft windows server 2012 r2 |
||
microsoft windows server 2008 - |
||
microsoft windows server 2012 - |
||
microsoft windows 10 1809 |
||
microsoft windows 11 21h2 |
||
microsoft windows 11 22h2 |
||
microsoft windows 10 22h2 |
||
microsoft windows 11 23h2 |
||
microsoft windows 10 1507 |
||
microsoft windows 10 1607 |
||
microsoft windows server 2022 23h2 |
||
microsoft windows server 2019 |
||
microsoft windows server 2016 |
||
microsoft windows 10 21h2 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Microsoft fixed 36 flaws. Adobe addressed 212. Apple, Google, Cisco, VMware and Atlassian joined the party
It's the last Patch Tuesday of 2023, which calls for celebration – just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let's start with Apple, since two of the bugs Cupertino disclosed yesterday may have already been used for evil purposes. While the fruit cart's December release fixes all the iThings, there's two especially concerning vulnerabilities in the WebKit (again) web browser engine that affect AppleTVs...