SB2023101768 - Multiple vulnerabilities in Oracle VM Server for x86

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023101768

SB2023101768 - Multiple vulnerabilities in Oracle VM Server for x86

Published: October 17, 2023 Updated: November 23, 2023

Security Bulletin ID SB2023101768
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-48174)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input ash.c. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Type Confusion (CVE-ID: CVE-2022-34918)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.


3) Out-of-bounds write (CVE-ID: CVE-2023-35001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.


4) Out-of-bounds write (CVE-ID: CVE-2023-3611)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.


5) Use-after-free (CVE-ID: CVE-2023-3776)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


6) Use-after-free (CVE-ID: CVE-2023-40283)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


7) Use-after-free (CVE-ID: CVE-2023-2513)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.



8) Double Free (CVE-ID: CVE-2023-4387)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can  trigger a double free error and gain access to sensitive information or crash the kernel.


9) NULL pointer dereference (CVE-ID: CVE-2023-4459)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.


10) Use-after-free (CVE-ID: CVE-2023-4206)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_route component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.


11) Use-after-free (CVE-ID: CVE-2023-4208)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_u32 component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


12) Input validation error (CVE-ID: CVE-2023-22024)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local user can pass specially crafted input to the system and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2023-3772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References