April 14, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
August 2, 2023Rewterz Threat Alert – Mallox Ransomware Exploits Vulnerable MS-SQL Servers to Breach Networks – Active IOCs
August 2, 2023Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
August 2, 2023Rewterz Threat Alert – Mallox Ransomware Exploits Vulnerable MS-SQL Servers to Breach Networks – Active IOCs
August 2, 2023
Severity
Medium
Analysis Summary
CVE-2023-2430 CVSS:6.5
Linux Kernel is vulnerable to a denial of service, caused by a missing lock for the IOPOLL in io_cqring_event_overflow() in io_uring.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-2860 CVSS:4.4
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the processing of seg6 attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to read past the end of an allocated buffer, and use this information to launch further attacks against the affected system.
CVE-2023-32258 CVSS:8.1
Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in the processing of SMB2_LOGOFF and SMB2_CLOSE commands. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of the kernel.
CVE-2023-33951 CVSS:6.7
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a race condition in the handling of GEM objects. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information in the context of the kernel, or cause a denial of service condition.
CVE-2023-33952 CVSS:8.2
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free in the handling of vmw_buffer_object objects. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute code in the context of the kernel.
CVE-2023-3567 CVSS:6.3
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vcs_read function in drivers/tty/vt/vc_screen.c in vc_screen. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain internal kernel information or cause the system to crash.
CVE-2023-3610 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the netfilter: nf_tables component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-3611 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the net/sched: sch_qfq component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-3640 CVSS:7
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by unauthorized memory access flaw in cpu_entry_area mapping of X86 CPU data to memory. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-3772 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the kernel to crash.
CVE-2023-3773 CVSS:5.5
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the XFRMA_MTIMER_THRESH when parsing netlink attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive heap data, and use this information to launch further attacks against the affected system.
CVE-2023-3776 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the net/sched: cls_fw component. By sending a specially crafted request using the reference counter, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-3812 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds memory access flaw in the TUN/TAP device driver function when napi frags is enabled. By generating a specially crafted packet, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-2430
- CVE-2023-2860
- CVE-2023-32258
- CVE-2023-33951
- CVE-2023-33952
- CVE-2023-3567
- CVE-2023-3610
- CVE-2023-3611
- CVE-2023-3640
- CVE-2023-3772
- CVE-2023-3773
- CVE-2023-3776
- CVE-2023-3812
Affected Vendors
Linux
Affected Products
- Linux Kernel
- Linux Kernel 6.1.4
- Linux Kernel 5.9
- Linux Kernel 5.15
- Linux Kernel 6.3.0
- Linux Kernel 6.4
- Linux Kernel 3.8
- Linux Kernel 2.6.0
- Linux Kernel 6.0
Remediation
Refer to Linux Kernel GIT Repository, Linux Kernel Web Site and lore.kernel Web site for patch, upgrade or suggested workaround information.
