Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34256

Published: 31/05/2023 Updated: 11/04/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux

Vulnerability Summary

An issue exists in the Linux kernel prior to 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

suse linux enterprise 15.0

suse linux enterprise 12.0

debian debian linux 10.0

Vendor Advisories

Amazon Linux AMI: ALAS-2023-1773
A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_apic function in the Linux kernel This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation (CVE-2022-2586) A heap buffer overflow flaw was found in the Linux ...
Amazon Linux 2: ALAS2KERNEL-5.4-2023-047
A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86c in the Linux kernel Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations (CVE-2022-39189) A denial of service problem was found, due to a possible recursive lockin ...
Amazon Linux 2: ALAS2KERNEL-5.15-2023-021
In the Linux kernel through 627, fs/ntfs3/inodec has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425) A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling This issue results from the improper handling of user-supplied data, which can lead to an assertion fa ...
Amazon Linux 2: ALAS2KERNEL-5.10-2023-034
A flaw was found in the Linux kernel Traffic Control (TC) subsystem Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of ser ...
Amazon Linux 2: ALAS2-2023-2100
A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_apic function in the Linux kernel This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation (CVE-2022-2586) A heap buffer overflow flaw was found in the Linux ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-125https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3https://bugzilla.suse.com/show_bug.cgi?id=1211895https://lists.debian.org/debian-lts-announce/2023/07/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlhttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://alas.aws.amazon.com/ALAS-2023-1773.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook