exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2023-1076

Status Candidate

Overview

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.

Related Files

Ubuntu Security Notice USN-6385-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-4269, CVE-2023-0458, CVE-2023-1075, CVE-2023-1076, CVE-2023-1206, CVE-2023-1380, CVE-2023-1611, CVE-2023-2002, CVE-2023-20593, CVE-2023-2162, CVE-2023-2163, CVE-2023-2235, CVE-2023-2269
SHA-256 | 397aabee4166381c7e45af794aab5e2f5ce22baf3c0ee09c03c9b743ea1a8b5f
Ubuntu Security Notice USN-6256-1
Posted Jul 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3108, CVE-2022-3707, CVE-2022-3903, CVE-2022-4129, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118
SHA-256 | 53c2946b5d19f257334d1182e7199b58771f576b4b09ca7d1fb73edd8b8401a3
Ubuntu Security Notice USN-6223-1
Posted Jul 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6223-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985, CVE-2023-35788
SHA-256 | 6734417eac361fe013105bbc41e89886a385309d8bc7bdc98d05b21ba8977cd8
Ubuntu Security Notice USN-6222-1
Posted Jul 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-3108, CVE-2022-3707, CVE-2022-3903, CVE-2022-4129, CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118
SHA-256 | 94dbf49a52b22f22555588a1537c9f53427bb276aea89e1ea9e550c810bfd1d7
Ubuntu Security Notice USN-6207-1
Posted Jul 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6207-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985
SHA-256 | 078d5bcad96bf9c3bb2527dc64d2f00742ddc07203c5630cbb8b66d7899217b6
Ubuntu Security Notice USN-6187-1
Posted Jun 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6187-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985
SHA-256 | 89823737d37fd6db3070e194a86809b3c820df253fef685096a594196fd7d2d3
Ubuntu Security Notice USN-6185-1
Posted Jun 23, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6185-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985
SHA-256 | be2e9478a6761c035541dad4eff6b7f5f36c9c99263510c8055de1ab00fac4e0
Ubuntu Security Notice USN-6172-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6172-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985
SHA-256 | 330cba8aaf905bebf41e6a80a4c8a1cb8e157b85a9c041a2105319a7b2000420
Ubuntu Security Notice USN-6171-1
Posted Jun 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6171-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1670, CVE-2023-1859, CVE-2023-1998, CVE-2023-25012, CVE-2023-2985
SHA-256 | 5e0f2f5de44174f1ab476b95c56ddf85f9e10ffea2fee44490d67465174ad759
Ubuntu Security Notice USN-6033-1
Posted Apr 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6033-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2023-1032, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1583, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-25012
SHA-256 | 5a30980fd0cd1ca4d29c020630f7aeac282e7c27dca316f9119d20f043479ba7
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close