Rocky Linux Security Updates RLSA-2023:5312 (CVE-2023-20900) and RLSA-2023:5244 (CVE-2023-35001, CVE-2023-4004, CVE-2023-3390, CVE-2023-3776, CVE-2023-3090, CVE-2023-35788, CVE-2023-20593, CVE-2023-2002)
22784
07 November 2023
07 November 2023
CLOSED
LOW
Varies
Multiple
| Brocade Security Advisory ID | BSA-2023-2436 |
| Component | Linux |
Summary
Rocky Linux security update RLSA-2023:5312
CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Rocky Linux security update RLSA-2023:5244
CVE-2023-35001
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace.
CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
CVE-2023-3390
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
CVE-2023-3776
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
CVE-2023-3090
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.
The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.
CVE-2023-35788
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2023-20593
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
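The error-path pattern described for CVE-2023-3776 above, as an added illustration that is not kernel code and not part of the advisory. It is a simplified user-space model: every struct and function name is a hypothetical stand-in, and the model assumes the live filter keeps its old binding when a change fails. It contrasts touching counters before validation with validating first.

```c
#include <stdio.h>

/* Simplified user-space model of the ordering bug; all names are
 * hypothetical stand-ins, not the kernel's data structures. */
struct cls { int filter_cnt; };        /* class that filters bind to */
struct filter { struct cls *bound; };  /* live filter holding a reference */
/* Stand-in for the lookup that can fail (the role tcf_change_indev() plays). */
static int lookup_indev(const char *name) { return (name && *name) ? 0 : -1; }

/* Stand-in for the bind step: move one counted reference between classes. */
static void rebind(struct cls *from, struct cls *to) {
    if (from) from->filter_cnt--;
    if (to) to->filter_cnt++;
}

/* Pre-fix ordering: counters are touched before validation, and the error
 * return does not undo them although the filter stays bound to the old class. */
static int change_before_fix(struct filter *f, struct cls *to, const char *indev) {
    rebind(f->bound, to);
    if (lookup_indev(indev) < 0)
        return -1;                     /* f->bound unchanged, counts skewed */
    f->bound = to;
    return 0;
}

/* Safe ordering: validate first, touch counters only on the success path. */
static int change_after_fix(struct filter *f, struct cls *to, const char *indev) {
    if (lookup_indev(indev) < 0)
        return -1;
    rebind(f->bound, to);
    f->bound = to;
    return 0;
}

/* In this model a class may be freed once nothing is counted against it. */
static int may_free(const struct cls *c) { return c->filter_cnt == 0; }

/* One failed change; returns 1 if the still-referenced class looks free-able. */
static int failed_change_exposes(int use_fixed) {
    struct cls a = { 1 }, b = { 0 };   /* constructed sample state */
    struct filter f = { &a };
    int rc = use_fixed ? change_after_fix(&f, &b, "") : change_before_fix(&f, &b, "");
    return rc < 0 && f.bound == &a && may_free(&a);
}

int main(void) {
    printf("before: %d, after: %d\n", failed_change_exposes(0), failed_change_exposes(1));
    return 0;
}
```

In the pre-fix ordering a single failed change leaves the old class with a zero count while the filter still points at it, which is the accounting mismatch that precedes a use-after-free.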
Products Affected
Brocade ASCG versions prior to v3.0 are affected by CVE-2023-20900, CVE-2023-35001, CVE-2023-4004 and CVE-2023-3390.
Products Confirmed Not Affected
Brocade Fabric OS is not affected by these vulnerabilities. While some modules exist within the Linux OS, the vulnerable code and vulnerable functionality are not used by the Fabric OS.
Brocade SANnav is not affected by these vulnerabilities. While the vulnerable code exists within the underlying OS used by the Brocade SANnav OVA application, the vulnerable code and functionality are not used by SANnav.
Solution
The identified Rocky Linux security updates have been applied in Brocade ASCG v3.0 and later versions.
While Brocade SANnav is not affected, the same Rocky Linux security updates will be applied in the upcoming SANnav releases.
While Brocade Fabric OS is not affected, the Linux OS used by Fabric OS will be upgraded in a future release to ensure that any vulnerable code, while not used, is either patched or removed.
Revision History
| Version | Change | Date |
| 1.0 | Initial Publication | November 7, 2023 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.