what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2023-21255

Status Candidate

Overview

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Files

Ubuntu Security Notice USN-6397-1
Posted Sep 27, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-2002, CVE-2023-20593, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
SHA-256 | d13a796719bdfb63b4fcf139769434d3580bd60dc34168be371834a19bf9ba32
Ubuntu Security Notice USN-6339-4
Posted Sep 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6339-4 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | a3e8b1ad5465602a156c435c1f2741dfb786234586cfda3347456f0aba58dbb2
Ubuntu Security Notice USN-6339-3
Posted Sep 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6339-3 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | 2eb90c30fa41f35eeadbbd911d813105f3e87f3a1db17a27a52b84d78bcc4b2c
Ubuntu Security Notice USN-6357-1
Posted Sep 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6357-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-2002, CVE-2023-20593, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
SHA-256 | ecf800ab0410dde6d764f6612d9757e127e606bdcd6ca315ff3520f9edd58563
Ubuntu Security Notice USN-6338-2
Posted Sep 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6338-2 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-32247, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258, CVE-2023-38426, CVE-2023-38429
SHA-256 | 50b456251740b82bc0857a11e8461e784721fcfb5ced8b3aa4626d01c1868471
Ubuntu Security Notice USN-6339-2
Posted Sep 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6339-2 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | 077fdae2800c336a924ddcf0c8feac75ced182727019b194d9b8d2a79240a64f
Ubuntu Security Notice USN-6340-2
Posted Sep 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6340-2 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2002, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
SHA-256 | 045924db858dde7ad8e6d37263e33cb1fb44ab22f984e57add4af1f2c7c8260b
Ubuntu Security Notice USN-6351-1
Posted Sep 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6351-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | c15dae03407487c2d5285dce31df9e24e6e3b40cda4e1fbe3266938239c8f965
Ubuntu Security Notice USN-6350-1
Posted Sep 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6350-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | fc93d3ecf4826862649617f94583491945529d2bd3ca986f5668259ad0fea34c
Ubuntu Security Notice USN-6349-1
Posted Sep 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6349-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2002, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
SHA-256 | 1d9fb6a128457ed7afc2d942d33e5ef8c298e6192bdb6aef4794ce3442ce3957
Ubuntu Security Notice USN-6344-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6344-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-32247, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258, CVE-2023-38426, CVE-2023-38429
SHA-256 | b07fb1eb36412b00d7edf10557e2e523d0814242a2dfb475128c7625f4e5a6ce
Ubuntu Security Notice USN-6340-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6340-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2002, CVE-2023-21255, CVE-2023-2163, CVE-2023-2269, CVE-2023-31084, CVE-2023-3268, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828
SHA-256 | 81bd54266a02c8d1951f5552a2dce659d1ccd3a9fc39bd072510487c34b3e54e
Ubuntu Security Notice USN-6339-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6339-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-3212, CVE-2023-38429
SHA-256 | 491b72b3d8f313572073602181b37b8870c0766ba938f4f836eb334119fd4c46
Ubuntu Security Notice USN-6338-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6338-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-21255, CVE-2023-2898, CVE-2023-31084, CVE-2023-32247, CVE-2023-32250, CVE-2023-32257, CVE-2023-32258, CVE-2023-38426, CVE-2023-38429
SHA-256 | 2ee8f4f89be7aba20da789b2af9e753495f65e05ad1798b5dda1c97c9e1c8903
Debian Security Advisory 5480-1
Posted Aug 21, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-39189, CVE-2022-4269, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-20588, CVE-2023-2124, CVE-2023-21255, CVE-2023-21400, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-31084
SHA-256 | 41dc7825fce5df5966134dc369b0fdabc89599073025de78f75ae2cf98e6b9a8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close