A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may caus — CVE-2023-0468

Zusammenfassung

Sicherheitshinweis CVE-2023-0468. A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race… Hersteller: Microsoft. Quelle: MSRC. Risiko: medium. CVSS 4.7.…

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Prüfe Exponierung und plane Maßnahmen nach Risiko und Umfeld.
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on CVE-2022-4543
• A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. CVE-2022-41861
• A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. CVE-2023-0394
• A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denia CVE-2023-0469
• An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is CVE-2022-4285
• An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names a CVE-2018-14628
• Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting CVE-2022-37436
• Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions CVE-2022-25147
• atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes CVE-2023-23455
• BitLocker Security Feature Bypass Vulnerability CVE-2023-21563
• Buffer Overlow in TSS2_RC_Decode in tpm2-tss CVE-2023-22745
• cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negativ CVE-2023-23454