March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Fabookie: A Stealthy InfoStealer Threat Targeting Social Media Accounts – Active IOCs
August 2, 2023
Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
August 2, 2023
Rewterz Threat Alert – Fabookie: A Stealthy InfoStealer Threat Targeting Social Media Accounts – Active IOCs
August 2, 2023
Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
August 2, 2023
Severity
Medium
Analysis Summary
CVE-2023-4010 CVSS:4.6
Linux Kernel is vulnerable to a denial of service, caused by a loophole flaw in the usb_giveback_urb function in the USB Host Controller Driver framework. By using a specially crafted USB device, a physical attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVE-2023-4004 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the nft_pipapo_remove function in the netfilter. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
Impact
- Denial of Service
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-4010
- CVE-2023-4004
Affected Vendors
Linux
Affected Products
- Linux Kernel
- Linux Kernel 6.4
- Linux Kernel 6.5-rc4
Remediation
Upgrade to the latest version of Linux Kernel, available from the Linux Kernel Website.