Redhat Enterprise Linux vulnerabilities

CVE-2023-5380 [MEDIUM] CWE-416 CVE-2023-5380: A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specif A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed follo

CVE-2023-5633 [HIGH] CVE-2023-5633: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a us The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

CVE-2023-5557 [HIGH] CWE-693 CVE-2023-5557: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-craft A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

CVE-2023-43789 [MEDIUM] CWE-125 CVE-2023-43789: A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a loca A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-43787 [HIGH] CWE-122 CVE-2023-43787: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. T A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

CVE-2023-43788 [MEDIUM] CWE-125 CVE-2023-43788: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuff A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

CVE-2023-43786 [MEDIUM] CWE-400 CVE-2023-43786: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

CVE-2023-43785 [MEDIUM] CWE-787 CVE-2023-43785: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() functio A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

CVE-2023-39189 [MEDIUM] CWE-125 CVE-2023-39189: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

CVE-2023-39193 [MEDIUM] CWE-125 CVE-2023-39193: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

CVE-2023-39192 [MEDIUM] CWE-125 CVE-2023-39192: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.

CVE-2023-39194 [MEDIUM] CWE-125 CVE-2023-39194: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the proc A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

CVE-2023-5366 [MEDIUM] CWE-345 CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual m A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

CVE-2023-42754 [MEDIUM] CWE-476 CVE-2023-42754: A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) wa A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CVE-2023-41175 [MEDIUM] CWE-190 CVE-2023-41175: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVE-2023-40745 [MEDIUM] CWE-190 CVE-2023-40745: LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

CVE-2023-42755 [MEDIUM] CWE-125 CVE-2023-42755: A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. Th A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

CVE-2023-39191 [HIGH] CWE-20 CVE-2023-39191: An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occ An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

CVE-2023-3576 [MEDIUM] CWE-119 CVE-2023-3576: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.