QID 355531

Date Published: 2023-07-03

QID 355531: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2023-034

A flaw was found in the Linux kernel traffic control (tc) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using tc action "mirred"), a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. (CVE-2022-4269)

A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition on the system. (CVE-2023-2156)

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. (CVE-2023-3268)

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (CVE-2023-34256)

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. (CVE-2023-35788)



Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as Medium - 5.4 severity.

Solution

Please refer to Amazon advisory: ALAS2KERNEL-5.10-2023-034 for affected packages and patching details, or update with your package manager.

Vendor References

Software Advisories

Advisory ID Software Component Link
ALAS2KERNEL-5.10-2023-034 amazon linux 2 alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2023-034.html