Billy Jheng Bing-Jhong

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 6.8 through 6.9 Linux kernel version 5.15.147 Linux kernel version 6.1.78 Linux kernel version 6.6.17 **Description** The vulnerability is related to a race condition between the ` unix gc()` and `queue oob()` functions in the `af unix` module of the Linux kernel. This race condition can lead to a NULL pointer dereference, causing a kernel crash or potentially allowing an attacker to escalate privileges. The issue arises when the ` unix gc()` function tries to garbage-collect closed inflight sockets and the peer socket sends an MSG OOB message, allowing `queue oob()` to update `unix sk(sk)->oob skb` concurrently. The vulnerability affects Linux kernel versions 6.8 through 6.9, 5.15.147, 6.1.78, and 6.6.17. It can be exploited to achieve local privilege escalation and potentially container escape. **Recommendations** To resolve the issue, update the `unix sk(sk)->oob skb` under the `sk receive queue` lock and take it everywhere `oob skb` is touched. Additionally, defer `kfree skb()` in `manage oob()` to silence lockdep false-positive. For each affected version, the recommendation is to update to a newer version that includes the fix. Specifically: - For versions 6.8 through 6.9, update to version 6.9 or later. - For version 5.15.147, update to version 5.15.148 or later. - For version 6.1.78, update to version 6.1.79 or later. - For version 6.6.17, update to version 6.6.18 or later. It is crucial to apply these updates to prevent potential exploitation of the vulnerability.

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.29.0 Description: The issue is related to insufficient restriction of the communication channel for given endpoints, allowing an attacker who has gained access to the Docker Desktop VM through a container breakout to further escape to the host by passing extensions and dashboard related IPC messages. Exploitation requires the "Allow only extensions distributed through the Docker Marketplace" setting to be disabled. Recommendations: For Docker Desktop versions prior to 4.29.0, update to version 4.29.0 or later to fix the issue on MacOS, Linux, and Windows with Hyper-V backend. Additionally, consider enabling the "Allow only extensions distributed through the Docker Marketplace" setting by default, as introduced in Docker Desktop version 4.31.0, to prevent exploitation. As a temporary workaround, consider disabling the extension-manager until a patch is available. Restrict access to the vulnerable IPC messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.38 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, which can allow an attacker to gain unauthorized access to protected information. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. The vulnerability can be easily exploited by a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes. **Recommendations** For versions prior to 6.1.38, update to version 6.1.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation. Additionally, ensure that only authorized and trusted users have logon access to the infrastructure where Oracle VM VirtualBox executes.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.38 **Description** The issue is related to insufficient input validation in the `PGMPhysRead()` function of the Core component in Oracle VM VirtualBox. This allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. **Recommendations** For versions prior to 6.1.38, update to version 6.1.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the `PGMPhysRead()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 4.13.17 Samba versions prior to 4.14.12 Samba versions prior to 4.15.5 **Description** The Samba vfs fruit module uses extended file attributes to provide enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. The vulnerability is related to an out-of-bounds heap read and write via specially crafted extended file attributes. The affected module is used for enhanced compatibility with Apple SMB clients and Netatalk 3 AFP file servers. **Recommendations** For Samba versions prior to 4.13.17, update to version 4.13.17 or apply the corresponding patches. For Samba versions prior to 4.14.12, update to version 4.14.12 or apply the corresponding patches. For Samba versions prior to 4.15.5, update to version 4.15.5 or apply the corresponding patches. As a temporary workaround, consider restricting access to the vulnerable vfs fruit module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Parallels Desktop version 16.1.3 Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this issue. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of the hypervisor. Recommendations: For Parallels Desktop version 16.1.3, consider disabling the Toolgate component until a patch is available. Restrict access to the Toolgate component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13-rc1 Linux kernel versions 5.7-rc1 through 5.12.3 Linux kernel versions 5.11 through 5.11.20 Linux kernel versions 5.10 through 5.10.36 **Description** The issue is related to a buffer overflow in the io uring subsystem of the Linux kernel, allowing an attacker to execute arbitrary code. This is due to the MAX RW COUNT limit being bypassed in the PROVIDE BUFFERS operation, leading to negative values being used in mem rw when reading /proc/<PID>/mem, which could result in a heap overflow. **Recommendations** For Linux kernel versions prior to 5.7-rc1, there is no information about a fix. For Linux kernel versions 5.7-rc1 through 5.12.3, update to version 5.12.4 or later. For Linux kernel versions 5.11 through 5.11.20, update to version 5.11.21 or later. For Linux kernel versions 5.10 through 5.10.36, update to version 5.10.37 or later. As a temporary workaround, consider restricting access to the io uring subsystem until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to a buffer read operation that can lead to unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. It affects the Core component of Oracle VM VirtualBox and can be exploited by a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes. Successful attacks may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite version 12.1.3 **Description** The issue is related to a flaw in the APIs component of Oracle Installed Base, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data, including creation, deletion, or modification of data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For version 12.1.3, consider restricting access to the APIs component until a fix is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.20 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.20, update to version 6.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.