Several Use After Free Linux Kernel Flaws Fixed

Rohan Timalsina

April 18, 2023 - TuxCare expert team

Recently, the Linux kernel was found to have several critical flaws. Memory exhaustion, system crashes, denial of service (DoS), the disclosure of private data, cross-site scripting (XSS) attacks, privilege escalation attacks, or the execution of arbitrary code are all potential effects of these issues.

This blog post will discuss those kernel vulnerabilities and their potential impacts on the system.

 

Impact of Discovered Flaws

CVE-2023-0266

The Linux kernel’s Advanced Linux Sound Architecture (ALSA) subsystem contained a use-after-free vulnerability. A local attacker can use this flaw to escalate privileges on the system and leak kernel information.

 

CVE-2021-3669

Because measuring shared memory usage does not scale properly with large shared memory segments, this flaw could result in memory exhaustion and a denial of service (DoS).

 

CVE-2022-3424

The SGI GRU driver in the Linux kernel contained a use-after-free flaw. As a result, this vulnerability allows a local attacker to cause a system crash or potentially escalate their privileges.

 

CVE-2022-36280

The Linux kernel’s vmwgfx driver included an out-of-bounds write vulnerability which allows a local attacker to escalate their privileges on the system or cause a system crash.

 

CVE-2022-41218

The dvb-core subsystem in the Linux kernel contained a use-after-free vulnerability that can be triggered when a user physically removes a USB device while malicious code is running. As a result, a local user can cause a denial of service or escalate their privileges on the system.

 

CVE-2022-47929

A NULL pointer dereference flaw was discovered in the network queuing discipline implementation in the Linux kernel. This vulnerability allows a local attacker to cause a system crash or leak internal kernel details.

 

CVE-2023-0045

The prctl syscall failed to protect against indirect branch prediction attacks in some cases. As a result, a local attacker may use this flaw to disclose sensitive information.

 

CVE-2023-0394

A NULL pointer dereference flaw was discovered in one of the network subcomponents in the Linux kernel. This vulnerability can result in a system crash.

 

CVE-2023-23455

The atm_tc_enqueue function in net/sched/sch_atm.c in the Linux kernel was found to have a denial of service flaw. This type confusion vulnerability may allow a local attacker to cause a denial of service.

 

CVE-2023-23559

The RNDIS USB driver in the Linux kernel included an integer overflow vulnerability. As a result, a local user can cause a system crash or escalate their privileges on the system.

 

CVE-2023-28328

The Linux kernel’s DVB USB AZ6027 driver included a NULL pointer dereference flaw which allows a local attacker to cause a denial of service (system crash).

 

Security Measures for Linux Kernel Flaws

For system administrators, it is critical to track security updates and apply them as soon as they are available. TuxCare has recently released patches for the above flaws in the Linux kernel. Therefore, we recommend that all affected users apply the patches immediately to safeguard their systems and sensitive data from attackers.

KernelCare can patch all popular Linux distributions without system reboots or downtime. You can read more about KernelCare Enterprise and how its live patching works.

 

The sources for this article include a story from LinuxSecurity.
