Published: 22/09/2023 Updated: 02/02/2024

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. (CVE-2023-34319) A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local malicious user to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen
debian debian linux 10.0

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2022-4269 William Zhao discovered that a flaw in the Traffic Control (TC) subsystem when using a specific networking configuration (redirecting egress packets to ingress using TC action m ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2023-1206 It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant in ...

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash (CVE-2023-34319) A use-after-free flaw was found in net/sched/cls_fwc in classifiers (cl ...

Description This CVE is under investigation by Red Hat Product Security ...

A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core (CVE-2022-40982) A division-by-zero error on some AMD process ...

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash (CVE-2023-34319) A use-after-free flaw was found in net/sched/cls_fwc in classifiers (cl ...

A flaw in the Linux Kernel found in the GFS2 file system On corrupted gfs2 file systems the evict code can try to reference the journal descriptor structure, jdesc, after it has been freed and set to NULL It can lead to null pointer dereference when gfs2_trans_begin being called and then fail ingfs2_evict_inode() (CVE-2023-3212) A buffer overrun ...

  ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-787 https://xenbits.xenproject.org/xsa/advisory-432.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20240202-0001/https://nvd.nist.gov https://www.debian.org/security/2023/dsa-5480 https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10 https://alas.aws.amazon.com/ALAS-2023-1803.html

CVE-2023-34319

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect