Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 81
Exploited in wild: 26
Severity breakdown
CRITICAL: 157 | HIGH: 589 | MEDIUM: 839 | LOW: 153
Vulnerabilities
Page 13 of 87
CVE-2023-42756 | MEDIUM | CVSS 4.7 | CWE-362 | v9.0 | 2023-09-28
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
nvd
CVE-2023-5215 | MEDIUM | CVSS 6.5 | CWE-241 | v8.0, v9.0 | 2023-09-28
A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.
nvd
CVE-2023-5157 | HIGH | CVSS 7.5 | CWE-400 | v8.0, v9.0 | 2023-09-27
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
nvd
CVE-2023-4156 | HIGH | CVSS 7.1 | CWE-125 | v6.0, v7.0 | 2023-09-25
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
nvd
CVE-2023-42753 | HIGH | CVSS 7.8 | CWE-787 | v7.0, v8.0, +1 more | 2023-09-25
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate thei
nvd
CVE-2023-5156 | HIGH | CVSS 7.5 | v8.0, v9.0 | 2023-09-25
A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
nvd
CVE-2023-4806 | MEDIUM | CVSS 5.9 | CWE-416 | v7.0, v8.0, +1 more | 2023-09-18
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when an NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The r
nvd
CVE-2023-4527 | MEDIUM | CVSS 6.5 | CWE-121 | v8.0, v9.0 | 2023-09-18
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
nvd
CVE-2023-2680 | HIGH | CVSS 8.2 | v9.0 | 2023-09-13
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
nvd
CVE-2023-3255 | MEDIUM | CVSS 6.5 | CWE-835 | v8.0, v9.0 | 2023-09-13
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service
nvd
CVE-2023-4155 | MEDIUM | CVSS 5.6 | CWE-367 | v8.0, v9.0 | 2023-09-13
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a den
nvd
CVE-2023-3301 | MEDIUM | CVSS 5.6 | CWE-617 | v8.0, v9.0 | 2023-09-13
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
nvd
CVE-2023-4813 | MEDIUM | CVSS 5.9 | CWE-416 | v8.0, v9.0 | 2023-09-12
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
nvd
CVE-2023-4569 | MEDIUM | CVSS 5.5 | CWE-402 | v8.0, v9.0 | 2023-08-28
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.
nvd
CVE-2023-38201 | MEDIUM | CVSS 6.5 | CWE-639 | v9.0 | 2023-08-25
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the
nvd
CVE-2023-3899 | HIGH | CVSS 7.8 | CWE-285 | v8.0, v9.0 | 2023-08-23
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper
nvd
CVE-2023-4042 | MEDIUM | CVSS 5.5 | v8.0 | 2023-08-23
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
nvd
CVE-2023-4459 | MEDIUM | CVSS 5.5 | CWE-476 | v8.0, v9.0 | 2023-08-21
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
nvd
CVE-2023-4387 | HIGH | CVSS 7.1 | CWE-416 | v6.0, v7.0, +2 more | 2023-08-16
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
nvd
CVE-2023-39417 | HIGH | CVSS 8.8 | CWE-89 | v8.0, v9.0 | 2023-08-11
In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code
nvd