ALT-PU-2023-2482-1 — kernel-image-un-def

BDU:2023-00383

HIGH7.8

Уязвимость компонентa netfilter ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и повысить свои привилегии.

Published: 2023-01-25Modified: 2024-09-24

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2023-0179

BDU:2023-00747

MEDIUM4.6

Уязвимость драйвера drivers/hid/hid-bigbenff.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-02-15Modified: 2024-09-13

CVSS 3.xMEDIUM 4.6

CVSS:3.x/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-25012

BDU:2023-01572

HIGH7.8

Уязвимость функции stat() подсистемы OverlayFS ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии

Published: 2023-03-27Modified: 2025-08-19

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2023-0386

CVE-2023-0179

HIGH7.8

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

Published: 2023-03-27Modified: 2024-11-21

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2023-0386

HIGH7.8

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Published: 2023-03-22Modified: 2025-11-04

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2023-25012

MEDIUM4.6

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

Published: 2023-02-02Modified: 2025-05-05

CVSS 3.xMEDIUM 4.6

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Package update kernel-image-un-def in branch sisyphus_riscv64

Closed issues (6)

Уязвимость драйвера drivers/hid/hid-bigbenff.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции stat() подсистемы OverlayFS ядра операционных систем Linux, позволяющая нарушителю повысить свои привилегии

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

Closed bugs (1)

Включить SFC_SIENA