Rewterz Annual Threat Intelligence Report 2025 - Download Now

Request a Demo
Rewterz
Rewterz Threat Alert – AsyncRAT – Active IOCs
January 17, 2023
Rewterz
Rewterz Threat Advisory – Multiple Apache Superset Vulnerabilities
January 17, 2023

Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-0122 CVSS:7.5

Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the nvmet_setup_auth function in drivers/nvme/target/auth.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-0179 CVSS:7.8

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a stack-based buffer overflow in the Netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.

CVE-2023-23559 CVSS:9.8

Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the rndis_query_oid function in drivers/net/wireless/rndis_wlan.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-23455 CVSS:6.2

Linux Kernel is vulnerable to a denial of service, caused by a type confusion flaw in the atm_tc_enqueue function in net/sched/sch_atm.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-23454 CVSS:6.2

Linux Kernel is vulnerable to a denial of service, caused by a slab-out-of-bounds read flaw in the cbq_classify function in net/sched/sch_cbq.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-4842 CVSS:5.5

Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the attr_punch_hole() function in the NTFS3 driver. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause system to crash.

Impact

  • Denial of Service
  • Privilege Escalation
  • Integer Overflow

Indicators Of Compromise

CVE

  • CVE-2023-0122
  • CVE-2023-0179
  • CVE-2023-23559
  • CVE-2023-23455
  • CVE-2023-23454
  • CVE-2022-4842

Affected Vendors

Linux

Affected Products

  • Linux Kernel 6.0-rc2
  • Linux Kernel 6.0-rc1
  • Linux Kernel 6.0-rc3
  • Linux Kernel 6.2-rc1
  • Linux Kernel
  • Linux Kernel 6.1.4

Remediation

Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.

CVE-2023-0122

CVE-2023-0179

CVE-2023-23559

CVE-2023-23455

CVE-2023-23454

CVE-2022-4842