CVE-2023-1095
Published: 2023-02-28
Severity: medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.19.6-1 (bookworm) | linux 5.19.6-1 (bookworm) |
| linux | linux_kernel | < 6.0 | 6.0 |
| linux | linux_kernel | >= 0 < 5.10.140-1 | 5.10.140-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-239.273 | 4.4.0-239.273 |
| msrc | cbl2_kernel_5.15.102.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_kernel_5.10.172.1-1_on_cbl_mariner_1.0 | — | — |
| paloalto | pan-os | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
- NVD (v3.1): 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- OSV: 6.7 MEDIUM
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
cisa_ics·2023-06-15·CVSS 5.5
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP Linux Kernel
ICS Advisory
Release Date: June 15, 2023
Alert Code: ICSA-23-166-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity / public exploits available
- Vendor: Siemens ProductCERT
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Multiple vulnerabilities
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could lead to denial-of-service, crashing t
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2023-04-19·CVSS 6.7
CVE-2023-23559 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the Integrity Measurement Architecture (IMA)
implementation in the Linux kernel did not properly enforce policy in
certain conditions. A privileged attacker could use this to bypass Kernel
lockdown restrictions. (CVE-2022-21505)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially craf
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2023-04-12·CVSS 5.9
CVE-2022-1516 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately l
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2023-04-12·CVSS 5.9
CVE-2023-1095 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately limit t
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2023-04-06·CVSS 5.9
CVE-2023-1095 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately l
Microsoft
In nf_tables_updtable if nf_tables_table_enable returns an error nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del() but the transaction was never placed o
vendor_msrc·2023-02-14·CVSS 5.5
CVE-2023-1095 [MEDIUM] CWE-476 In nf_tables_updtable if nf_tables_table_enable returns an error nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del() but the transaction was never placed o
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, and this results in a NULL pointer dereference.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for m
Debian
CVE-2023-1095: linux - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_des...
vendor_debian·2023·CVSS 5.5
CVE-2023-1095 [MEDIUM] CVE-2023-1095: linux - In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_des...
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 5.19.6-1)
bullseye: resolved (fixed in 5.10.140-1)
forky: resolved (fixed in 5.19.6-1)
sid: resolved (fixed in 5.19.6-1)
trixie: resolved (fixed in 5.19.6-1)
Red Hat
kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
vendor_redhat·2022-08-09·CVSS 5.5
CVE-2023-1095 [MEDIUM] CWE-476 kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nf_tables_updtable while freeing a transaction object not placed on the list head. This flaw allows a local, unprivileged user to crash the system, resulting in a denial of service.
Mitigation: This flaw can be mitigated by preventing the affected netfilter kernel module from being loaded. For instruc
OSV
linux-oem-5.17 vulnerabilities
osv·2023-04-19·CVSS 6.7
CVE-2023-1281 [MEDIUM] linux-oem-5.17 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the Integrity Measurement Architecture (IMA)
implementation in the Linux kernel did not properly enforce policy in
certain conditions. A privileged attacker could use this to bypass Kernel
lockdown restrictions. (CVE-2022-21505)
It was discovered that the infrared transceiver USB driver did not properly
handle USB control messages. A local attacker with physical access could
plug in a specially crafted USB device to cause a denial of service (memory
exhaustion). (CVE-2022-39
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities
osv·2023-04-12·CVSS 5.9
CVE-2020-36516 [MEDIUM] linux, linux-kvm, linux-lts-xenial vulnerabilities
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately limit the number of events driver domains (unprivileged PV
OSV
linux-aws vulnerabilities
osv·2023-04-06·CVSS 5.9
CVE-2020-36516 [MEDIUM] linux-aws vulnerabilities
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)
Jürgen Groß discovered that the Xen subsystem within the Linux kernel did
not adequately limit the number of events driver domains (unprivileged PV
backends) could send to
GHSA
GHSA-grc4-c844-m2mx: In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object
ghsa_unreviewed·2023-03-01
CVE-2023-1095 [MEDIUM] CWE-476 GHSA-grc4-c844-m2mx: In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
OSV
CVE-2023-1095: In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object
osv·2023-02-28·CVSS 5.5
CVE-2023-1095 [MEDIUM] CVE-2023-1095: In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
No detection rules found.
No public exploits indexed.
arXiv
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects
arxiv_fulltext·2024-08-19
Authors: Kaiming Huang (Penn State University), Mathias Payer (EPFL), Zhiyun Qian (UC Riverside), Jack Sampson (Penn State University), Gang Tan (Penn State University), Trent Jaeger (Penn State University)
CCS concepts: Security and privacy; Software
Bugzilla
CVE-2024-27065 kernel: netfilter: nf_tables: do not compare internal table flags on updates
bugzilla·2024-05-01·CVSS 5.5
CVE-2024-27065 [MEDIUM] CVE-2024-27065 kernel: netfilter: nf_tables: do not compare internal table flags on updates
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: do not compare internal table flags on updates
The Linux kernel CVE team has assigned CVE-2024-27065 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050132-CVE-2024-27065-8c9d@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278381]
---
I don't see any security implication of the fixed bug. Florian, Zack, Alex, do you?
---
In reply to comment #10:
> I don't see any security implication of the fixed bug. Florian, Zack, Alex,
> do you?
I decrease it to Low.
Based on that incorrect behavior in the nf_tables_updtable can lead to
Bugzilla
CVE-2023-1095 kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
bugzilla·2023-02-28·CVSS 5.5
CVE-2023-1095 [MEDIUM] CVE-2023-1095 kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
Upstream patch & commit:
https://lore.kernel.org/netfilter-devel/[email protected]/
https://github.com/torvalds/linux/commit/580077855a40741cf511766129702d97ff02f4d9
Discussion:
This issue was fixed upstream in version 6.0. The kernel packages as shipped in Red Hat Enterprise Linux 8 and 9 were previously updated to a version that contains the fix via the following errata:
kernel in Red Hat
Published: 2023-02-28