BDU:2023-02097

Уязвимость реализации протокола TLS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-28466

Published: 2023-04-14

BDU:2023-02605

Уязвимость функции qfq_change_class() ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации.

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-31436

Published: 2023-05-01
Modified: 2023-11-07

CVE-2023-2248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

Published: 2023-03-16
Modified: 2024-11-21

CVE-2023-28466

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2023-04-28
Modified: 2024-11-21

CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package kernel-image-centos update in sisyphus on 2023-05-22

ALT-PU-2023-1851-1

Closed vulnerabilities

BDU:2023-02097

BDU:2023-02605

CVE-2023-2248

CVE-2023-28466

CVE-2023-31436