ALT-PU-2023-6854-1 — kernel-image-centos

BDU:2023-03783

MEDIUM4.6

Уязвимость функции read_descriptors() в модуле drivers/usb/core/sysfs.c драйвера USB ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-07-19Modified: 2025-08-19

CVSS 3.xMEDIUM 4.6

CVSS:3.x/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-37453

BDU:2023-04655

MEDIUM5.5

Уязвимость функции cxgb4_cleanup_tc_flower() в модуле drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c драйвера Chelsio cxgb4 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-08-14Modified: 2025-08-19

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2023-4133

BDU:2023-06420

MEDIUM5.5

Уязвимость функции ipv4_send_dest_unreach() в модуле net/ipv4/route.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-09Modified: 2025-08-19

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2023-42754

CVE-2023-37453

MEDIUM4.6

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

Published: 2023-07-06Modified: 2025-05-05

CVSS 3.xMEDIUM 4.6

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2023-4133

MEDIUM5.5

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.

Published: 2023-08-03Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2023-42754

MEDIUM5.5

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

Published: 2023-10-05Modified: 2024-11-21

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Package update kernel-image-centos in branch sisyphus

Closed issues (6)

Уязвимость функции read_descriptors() в модуле drivers/usb/core/sysfs.c драйвера USB ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции ipv4_send_dest_unreach() в модуле net/ipv4/route.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.