ALAS2023-2024-488 --- kernelID: oval:org.secpod.oval:def:19500580 | Date: (C)2024-02-13 (M)2024-04-29 |
Class: PATCH | Family: unix |
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system
Platform: |
Amazon Linux 2023 |
Product: |
kernel |
perf |
python3-perf |
bpftool |