Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-3776

Published: 21/07/2023 Updated: 02/02/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux Kernel

Vulnerability Summary

An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an malicious user to potentially access sensitive information. (CVE-2023-20593) An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611) A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. (CVE-2023-3776)

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 6.5

linux linux kernel

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Security Advisories: DSA-5480-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2022-4269 William Zhao discovered that a flaw in the Traffic Control (TC) subsystem when using a specific networking configuration (redirecting egress packets to ingress using TC action m ...
Debian Security Advisories: DSA-5492-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2023-1206 It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant in ...
Amazon Linux AMI: ALAS-2023-1792
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 82 Update Services for SAP SolutionsRed Hat Produ ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 77 Advanced Update SupportRed Hat Product Security has rated ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Securit ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Securit ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Advanced Update SupportRed Hat Product Security has rated ...
Red Hat: Important: Logging Subsystem 5.7.7 - Red Hat OpenShift security update
Synopsis Important: Logging Subsystem 577 - Red Hat OpenShift security update Type/Severity Security Advisory: Important Topic Logging Subsystem 577 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...
Red Hat: Important: Logging Subsystem 5.6.12 - Red Hat OpenShift security update
Synopsis Important: Logging Subsystem 5612 - Red Hat OpenShift security update Type/Severity Security Advisory: Important Topic Logging Subsystem 5612 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...
Red Hat: Important: OpenShift Container Platform 4.11.52 bug fix and security update
Synopsis Important: OpenShift Container Platform 41152 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41152 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: OpenShift Container Platform 4.12.39 bug fix and security update
Synopsis Important: OpenShift Container Platform 41239 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41239 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 84 Update Services for SAP SolutionsRed Hat Produ ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 82 Telecommunications Update ServiceRed Hat Product Sec ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type / Sévérité Security Advisory: Important Analyse des correctifs dans Red Hat Insights Identifiez et remédiez aux systèmes concernés par cette alerte Voir les systèmes concernés Sujet An update for kernel-rt is now available for Red Hat Enterprise Linux 90 Extended Update Su ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Securit ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red H ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as havin ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Lin ...
Red Hat: Important: kernel security update
概要 Important: kernel security update タイプ/重大度 Security Advisory: Important Red Hat Insights パッチ分析 このアドバイザリーの影響を受けるシステムを特定し、修正します。 影響を受けるシステムの表示 トピック An update for kernel is now available for Red Hat Enterprise Lin ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type / Sévérité Security Advisory: Important Analyse des correctifs dans Red Hat Insights Identifiez et remédiez aux systèmes concernés par cette alerte Voir les systèmes concernés Sujet An update for kernel-rt is now available for Red Hat Enterprise Linux 84 Advanced Mission C ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter ...
Amazon Linux 2: ALAS2KERNEL-5.10-2023-038
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALAS2KERNEL-5.4-2023-050
An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information (CVE-2023-20593) An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation The qfq_change_agg() function in net/sched/sch_ ...
Amazon Linux 2: ALASLIVEPATCH-2023-146
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-145
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-144
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-143
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-142
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-147
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALAS2-2023-2179
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALASLIVEPATCH-2023-148
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter() If an attacker can control the reference counter and se ...
Amazon Linux 2: ALAS2KERNEL-5.15-2023-025
An issue was discovered in the Linux kernel before 62 The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattrc (CVE-2022-48502) An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/N1ghtu/RWCTF5th-RIPTC

Exploit for Real World CTF 6th RIPTC.

RWCTF6th-RIPTC Preface RIPTC is a hard (1 solve/ 2291 teams) realworld linux kernel challenge in Real World CTF 6th And I managed to solve it after a day's hard work playing the CTF with Nu1L Before we start Because there's already some really cool and excellent material out there, I won’t go into Linux Traffic Control subsystem's detail here If you are

https://github.com/N1ghtu/RWCTF6th-RIPTC

Exploit for Real World CTF 6th RIPTC.

RWCTF6th-RIPTC Preface RIPTC is a hard (1 solve/ 2291 teams) realworld linux kernel challenge in Real World CTF 6th And I managed to solve it after a day's hard work playing the CTF with Nu1L Before we start Because there's already some really cool and excellent material out there, I won’t go into Linux Traffic Control subsystem's detail here If you are

References

CWE-416https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488fhttps://kernel.dance/0323bce598eea038714f941ce2b22541c46d488fhttps://www.debian.org/security/2023/dsa-5480https://www.debian.org/security/2023/dsa-5492http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.htmlhttps://lists.debian.org/debian-lts-announce/2023/10/msg00027.htmlhttp://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.htmlhttps://lists.debian.org/debian-lts-announce/2024/01/msg00004.htmlhttps://security.netapp.com/advisory/ntap-20240202-0003/https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5480https://github.com/N1ghtu/RWCTF5th-RIPTChttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2023-050.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook