Rejected reason: This was assigned as a duplicate of CVE-2023-4244.

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4072-2 advisory.

  - A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS     transfers response data to a system call, there are still local variable points to the memory region, and     if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a     denial of service. (CVE-2023-1192)

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs     in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,     possibly leading to a kernel information leak. (CVE-2023-1859)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in     Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A     local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the     fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds     read by setting the size fields with a value beyond the array boundaries, leading to a crash or     information disclosure. (CVE-2023-39192)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the     flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds     read, leading to a crash or information disclosure. (CVE-2023-39193)

  - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing     of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local     privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an     information disclosure. (CVE-2023-39194)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro     could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to     arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash     the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was     assumed to be associated with a device before calling __ip_options_compile, which is not always the case     if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash     the system. (CVE-2023-42754)

  - A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel     due to a double decrement of the reference count. This issue may allow a local attacker with user     privilege to crash the system or may lead to leaked internal kernel information. (CVE-2023-4389)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local     privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's     recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an     skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend     upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control)     component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve     (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call     vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling     pointer that can cause a use-after-free. We recommend upgrading past commit     b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to     achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending     network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug     and lack of error checking in agg_dequeue(). We recommend upgrading past commit     8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)

  - A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve     local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed     but the field was not set to NULL which could lead to double free. We recommend upgrading past commit     e6e43b8aa7cd3c3af686caf0c2e11819a886d705. (CVE-2023-5345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4093-1 advisory.

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs     in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,     possibly leading to a kernel information leak. (CVE-2023-1859)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in     Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A     local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the     fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds     read by setting the size fields with a value beyond the array boundaries, leading to a crash or     information disclosure. (CVE-2023-39192)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the     flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds     read, leading to a crash or information disclosure. (CVE-2023-39193)

  - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing     of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local     privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an     information disclosure. (CVE-2023-39194)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro     could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to     arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash     the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was     assumed to be associated with a device before calling __ip_options_compile, which is not always the case     if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash     the system. (CVE-2023-42754)

  - A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel     due to a double decrement of the reference count. This issue may allow a local attacker with user     privilege to crash the system or may lead to leaked internal kernel information. (CVE-2023-4389)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local     privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's     recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an     skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend     upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control)     component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve     (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call     vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling     pointer that can cause a use-after-free. We recommend upgrading past commit     b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to     achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending     network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug     and lack of error checking in agg_dequeue(). We recommend upgrading past commit     8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)

  - A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve     local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed     but the field was not set to NULL which could lead to double free. We recommend upgrading past commit     e6e43b8aa7cd3c3af686caf0c2e11819a886d705. (CVE-2023-5345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4072-1 advisory.

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs     in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,     possibly leading to a kernel information leak. (CVE-2023-1859)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in     Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A     local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the     fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds     read by setting the size fields with a value beyond the array boundaries, leading to a crash or     information disclosure. (CVE-2023-39192)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the     flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds     read, leading to a crash or information disclosure. (CVE-2023-39193)

  - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing     of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local     privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an     information disclosure. (CVE-2023-39194)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro     could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to     arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash     the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was     assumed to be associated with a device before calling __ip_options_compile, which is not always the case     if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash     the system. (CVE-2023-42754)

  - A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel     due to a double decrement of the reference count. This issue may allow a local attacker with user     privilege to crash the system or may lead to leaked internal kernel information. (CVE-2023-4389)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local     privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's     recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an     skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend     upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control)     component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve     (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call     vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling     pointer that can cause a use-after-free. We recommend upgrading past commit     b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to     achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending     network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug     and lack of error checking in agg_dequeue(). We recommend upgrading past commit     8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)

  - A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve     local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed     but the field was not set to NULL which could lead to double free. We recommend upgrading past commit     e6e43b8aa7cd3c3af686caf0c2e11819a886d705. (CVE-2023-5345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4057-1 advisory.

  - A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6     functionality when a user makes a new kind of SYN flood attack. A user located in the local network or     with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up     to 95%. (CVE-2023-1206)

  - A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs     in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,     possibly leading to a kernel information leak. (CVE-2023-1859)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in     Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A     local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the     fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds     read by setting the size fields with a value beyond the array boundaries, leading to a crash or     information disclosure. (CVE-2023-39192)

  - A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the     flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds     read, leading to a crash or information disclosure. (CVE-2023-39193)

  - A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing     of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local     privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an     information disclosure. (CVE-2023-39194)

  - A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using     SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke     the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can     trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel     configurations without stack guard pages (`CONFIG_VMAP_STACK`). (CVE-2023-4155)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro     could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to     arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash     the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was     assumed to be associated with a device before calling __ip_options_compile, which is not always the case     if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash     the system. (CVE-2023-42754)

  - A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel     due to a double decrement of the reference count. This issue may allow a local attacker with user     privilege to crash the system or may lead to leaked internal kernel information. (CVE-2023-4389)

  - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local     privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's     recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an     skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend     upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control)     component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve     (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call     vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling     pointer that can cause a use-after-free. We recommend upgrading past commit     b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)

  - A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to     achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending     network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug     and lack of error checking in agg_dequeue(). We recommend upgrading past commit     8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)

  - A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve     local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed     but the field was not set to NULL which could lead to double free. We recommend upgrading past commit     e6e43b8aa7cd3c3af686caf0c2e11819a886d705. (CVE-2023-5345)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3988-1 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs     in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem,     possibly leading to a kernel information leak. (CVE-2023-1859)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in     Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A     local user could use this flaw to crash the system or potentially cause a denial of service.
    (CVE-2023-2177)

  - The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a     way such that not all of the headers would come in one piece. Unfortunately the logic introduced there     didn't account for the extreme case of the entire packet being split into as many pieces as permitted by     the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible)     headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
    (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3971-1 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a     way such that not all of the headers would come in one piece. Unfortunately the logic introduced there     didn't account for the extreme case of the entire packet being split into as many pieces as permitted by     the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible)     headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
    (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3599-2 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - 2023-09-14: CVE-2023-4015 was added to this advisory. (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3704-1 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - 2023-09-14: CVE-2023-4015 was added to this advisory. (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3656-1 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588) (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - ** REJECT ** This was assigned as a duplicate of CVE-2023-4244. (CVE-2023-4563)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3599-1 advisory.

  - A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-38457)

  - A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in     drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128     (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing     a denial of service(DoS). (CVE-2022-40133)

  - The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper     locking when performing operations on an object. An attacker can leverage this in conjunction with other     vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
    (CVE-2023-2007)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss     of confidentiality. (CVE-2023-20588) (CVE-2023-34319)

  - A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to     achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in     the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend     upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)

  - An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds     and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)

  - A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue     may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in     xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

  - A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
    This flaw allows a local user with special privileges to impact a kernel information leak issue.
    (CVE-2023-3863)

  - An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before     6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

  - A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in     the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to     incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

  - A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the     cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This     flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

  - A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with     NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
    (CVE-2023-4147)

  - A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to     bypass network filters and gain unauthorized access to some resources. The original patches fixing     CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -     a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
    correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and     that turns out to not be accurate. (CVE-2023-4194)

  - A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation     of the file name reconstruction function, which is responsible for reading file name entries from a     directory index and merging file name parts belonging to one file into a single long file name. Since the     file name characters are copied into a stack variable, a local privileged attacker could use this flaw to     overflow the kernel stack. (CVE-2023-4273)

  - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in     VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash     the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a     kernel information leak problem. (CVE-2023-4387)

  - A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in     the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with     normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
    (CVE-2023-4459)

  - ** REJECT ** This was assigned as a duplicate of CVE-2023-4244. (CVE-2023-4563)

  - A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux     Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which     results in a memory leak. (CVE-2023-4569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-da8b7c1ca3 advisory.

    The 6.4.13 stable kernel updates contain a number of important fixes across the tree.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a1ca0ef4d6 advisory.

    The 6.4.13 stable kernel updates contain a number of important fixes across the tree.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
186088	Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2023-325-01)	Nessus	Slackware Local Security Checks	critical
184801	openSUSE 15 Security Update : kernel (SUSE-SU-2023:4072-2)	Nessus	SuSE Local Security Checks	high
183278	SUSE SLES15 Security Update : kernel (SUSE-SU-2023:4093-1)	Nessus	SuSE Local Security Checks	high
183076	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2023:4072-1)	Nessus	SuSE Local Security Checks	high
183010	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:4057-1)	Nessus	SuSE Local Security Checks	high
182669	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3988-1)	Nessus	SuSE Local Security Checks	high
182572	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3971-1)	Nessus	SuSE Local Security Checks	high
181779	SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3599-2)	Nessus	SuSE Local Security Checks	high
181742	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3704-1)	Nessus	SuSE Local Security Checks	high
181574	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3656-1)	Nessus	SuSE Local Security Checks	high
181457	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3599-1)	Nessus	SuSE Local Security Checks	high
180463	Fedora 38 : kernel (2023-da8b7c1ca3)	Nessus	Fedora Local Security Checks	critical
180462	Fedora 37 : kernel (2023-a1ca0ef4d6)	Nessus	Fedora Local Security Checks	critical

Detections

Analytics

CVE-2023-4563

No Score

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high

high

critical

critical