CVE-2023-3327

The Linux Kernel, the operating system core itself.

Security Fix(es):

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb register device dynamically allocating fops.(CVE-2022-45884)

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327)

A race condition was found in the QXL driver in the Linux kernel. The qxl mode dumb create() function dereferences the qobj returned by the qxl gem object create with handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198)

A use-after-free vulnerability in the Linux kernel's net/sched: sch hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.

If a class with a link-sharing curve (i.e. with the HFSC FSC flag set) has a parent without a link-sharing curve, then init vf() will call vttree insert() on the parent, but vttree remove() will be skipped in update vf(). This leaves a dangling pointer that can cause a use-after-free.

We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

(CVE-2023-4623)

A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation.

Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.

We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.

(CVE-2023-5197)