ALAS2KERNEL-5.15-2023-026 --- kernelID: oval:org.secpod.oval:def:1701573 | Date: (C)2023-09-19 (M)2024-04-25 |
Class: PATCH | Family: unix |
A Gather Data Sampling transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction to infer stale data from previously used vector registers on the same physical core. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service of the host by sending network packets to the backend, causing the backend to crash. A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. A use-after-free flaw was found in net/sched/cls_fw.c in classifiers in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
Product: |
kernel |
perf |
python-perf |
bpftool |