March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – AsyncRAT – Active IOCs
January 17, 2023
Rewterz Threat Advisory – Multiple Apache Superset Vulnerabilities
January 17, 2023
Rewterz Threat Alert – AsyncRAT – Active IOCs
January 17, 2023
Rewterz Threat Advisory – Multiple Apache Superset Vulnerabilities
January 17, 2023
Severity
High
Analysis Summary
CVE-2023-0122 CVSS:7.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the nvmet_setup_auth function in drivers/nvme/target/auth.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-0179 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a stack-based buffer overflow in the Netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVE-2023-23559 CVSS:9.8
Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the rndis_query_oid function in drivers/net/wireless/rndis_wlan.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23455 CVSS:6.2
Linux Kernel is vulnerable to a denial of service, caused by a type confusion flaw in the atm_tc_enqueue function in net/sched/sch_atm.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-23454 CVSS:6.2
Linux Kernel is vulnerable to a denial of service, caused by a slab-out-of-bounds read flaw in the cbq_classify function in net/sched/sch_cbq.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-4842 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the attr_punch_hole() function in the NTFS3 driver. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause system to crash.
Impact
- Denial of Service
- Privilege Escalation
- Integer Overflow
Indicators Of Compromise
CVE
- CVE-2023-0122
- CVE-2023-0179
- CVE-2023-23559
- CVE-2023-23455
- CVE-2023-23454
- CVE-2022-4842
Affected Vendors
Linux
Affected Products
- Linux Kernel 6.0-rc2
- Linux Kernel 6.0-rc1
- Linux Kernel 6.0-rc3
- Linux Kernel 6.2-rc1
- Linux Kernel
- Linux Kernel 6.1.4
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.