[월:] 2023년 06월

USN-6162-1: Linux kernel (Intel IoTG) vulnerabilities Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that [ more… ]

USN-6161-1: .NET vulnerabilities It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936) Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331) Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337) Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the contents of a tar file. An attacker could possibly use this issue to elevate their privileges. This issue only affected the dotnet7 package. (CVE-2023-32032) It was discovered that .NET did not properly [ more… ]