Published: 05/10/2023 Updated: 30/04/2024

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

An issue exists in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. (CVE-2023-31085) A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. (CVE-2023-34324) ipv4: fix null-deref in ipv4_link_failure NOTE: www.openwall.com/lists/oss-security/2023/10/02/8NOTE: git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3) (CVE-2023-42754)

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 6.6
linux linux kernel
redhat enterprise linux 8.0
redhat enterprise linux 9.0
fedoraproject fedora 37
fedoraproject fedora 38
fedoraproject fedora 39

DescriptionA NULL pointer dereference flaw was found in the Linux kernel ipv4 stack The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs This issue may allow a local user with CAP_NET_ADMIN privileges to crash the systemA NULL p ...

An issue was discovered in drivers/mtd/ubi/cdevc in the Linux kernel 62 There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0 (CVE-2023-31085) A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests (CVE-2023-3432 ...

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability We r ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-476 https://access.redhat.com/security/cve/CVE-2023-42754 https://bugzilla.redhat.com/show_bug.cgi?id=2239845 https://seclists.org/oss-sec/2023/q4/14 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://access.redhat.com/errata/RHSA-2024:2394 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-42754 https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2023-055.html https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2023-42754

Vulnerability Summary

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect