QID 356371

2023-10-12:( CVE-2023-39192 was added to this advisory. 2023-10-12:( CVE-2023-39193 was added to this advisory. 2023-10-10:( CVE-2023-42755 was added to this advisory. netfilter: xt_u32: validate user space input note: https://www.zerodayinitiative.com/advisories/zdi-23-1490/ note: https://git.kernel.org/linus/69c5d284f67089b4750d28ff6ac6f52ec224b330 (6.6-rc1) (cve-2023-39192) netfilter: xt_sctp: validate the flag_info count note: https://www.zerodayinitiative.com/advisories/zdi-23-1491/ note: https://git.kernel.org/linus/e99476497687ef9e850748fe6d232264f30bc8f9 (6.6-rc1) (cve-2023-39193) an integer overflow in kmalloc_reserve() in the linux kernel may allow a local user to crash the system, or in some cases obtain code execution in kernel space. (
( CVE-2023-42752) a flaw was found in rsvp_change().
The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an `unsign int` fully controlled by users, the behavior is usually a wild pointer access. (
( CVE-2023-42755) a use-after-free vulnerability in the linux kernels net/sched: sch_hfsc (hfsc qdisc traffic control) component can be exploited to achieve local privilege escalation. if a class with a link-sharing curve (i.e. with the hfsc_fsc flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf().
This leaves a dangling pointer that can cause a use-after-free. we recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.