Slackware Linux update for kernel



Published: 2023-11-22 | Updated: 2024-05-13
Risk High
Patch available YES
Number of vulnerabilities 61
CVE-ID CVE-2023-35788
CVE-2022-45887
CVE-2022-45886
CVE-2023-3212
CVE-2022-45919
CVE-2023-2124
CVE-2023-3609
CVE-2023-3117
CVE-2023-3390
CVE-2023-3338
CVE-2023-3610
CVE-2023-31248
CVE-2023-38432
CVE-2023-3866
CVE-2023-2898
CVE-2023-44466
CVE-2023-4132
CVE-2023-3611
CVE-2022-48502
CVE-2023-3865
CVE-2023-35001
CVE-2023-3776
CVE-2023-3863
CVE-2023-20593
CVE-2023-3777
CVE-2023-4004
CVE-2023-4015
CVE-2023-4147
CVE-2023-1206
CVE-2022-40982
CVE-2023-20569
CVE-2023-20588
CVE-2023-4128
CVE-2023-4208
CVE-2023-4206
CVE-2023-4207
CVE-2023-40283
CVE-2023-4569
CVE-2023-39194
CVE-2023-4273
CVE-2023-3772
CVE-2023-4921
CVE-2023-4623
CVE-2023-42753
CVE-2023-42752
CVE-2023-39189
CVE-2023-45871
CVE-2023-39193
CVE-2023-39192
CVE-2023-42755
CVE-2023-42754
CVE-2023-4563
CVE-2023-4244
CVE-2023-5197
CVE-2023-34324
CVE-2023-31085
CVE-2023-5158
CVE-2023-35827
CVE-2023-46813
CVE-2023-5717
CVE-2023-5178
CWE-ID CWE-787
CWE-362
CWE-416
CWE-476
CWE-125
CWE-119
CWE-399
CWE-400
CWE-1342
CWE-200
CWE-369
CWE-401
CWE-121
CWE-190
CWE-833
CWE-20
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #59 is available.
Public exploit code for vulnerability #61 is available.
Vulnerable software
Slackware Linux
Operating systems & Components / Operating system

linux-5.15.139/kernel-modules
Operating systems & Components / Operating system package or component

linux-5.15.139/kernel-huge
Operating systems & Components / Operating system package or component

linux-5.15.139/kernel-generic
Operating systems & Components / Operating system package or component

linux-5.15.139/kernel-headers
Operating systems & Components / Operating system package or component

Vendor Slackware

Security Bulletin

This security bulletin contains information about 61 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU77502

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35788

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU75338

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU75336

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_net.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU78009

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3212

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU75323

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2124

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU78457

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3117

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU78007

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3390

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU77704

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3338

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the DECnet socket in net/decnet/dn_nsp_out.c. A local user can trigger a NULL pointer dereference and perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU78779

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU78325

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31248

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU79478

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38432

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in fs/smb/server/smb2misc.c in ksmbd. A remote attacker can send specially crafted packets to the system to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU81662

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3866

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the __handle_ksmbd_work() function in fs/smb/server/server.c when handling chained requests. A remote attacker can send specially crafted data to ksmbd and perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU79476

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU81660

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44466

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ceph_decode_32() function in net/ceph/messenger_v2.c in the Ceph filesystem when handling TCP packets. A remote attacker can send specially crafted HELLO or AUTH frames to trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU79712

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4132

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU78725

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48502

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ntfs_set_ea() function in fs/ntfs3/xattr.c in Linux kernel ntfs3 subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the OS kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU81661

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3865

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the ksmbd_smb2_check_message() function in fs/smb/server/smb2misc.c when parsing smb2_hdr structure. A remote user can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory or perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU78326

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-35001

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU79479

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.


Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU78572

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20593

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU80121

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3777

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU79498

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error that occurs when a user triggers the nft_pipapo_remove function with an element that lacks NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU80123

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU79713

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4147

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality, which an attacker can trigger with a new kind of SYN flood attack. A remote attacker can increase the CPU usage of a server that accepts IPv6 connections up to 95%.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information exposure through microarchitectural state after transient execution

EUVDB-ID: #VU79262

Risk: Medium

CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40982

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Information disclosure

EUVDB-ID: #VU79263

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20569

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Division by zero

EUVDB-ID: #VU79239

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20588

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU79486

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU80586

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_u32 component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU80580

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4206

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_route component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU80587

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4207

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cls_fw component in the Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Memory leak

EUVDB-ID: #VU80584

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4569

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak within the nft_set_catchall_flush() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU81919

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39194

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the XFRM subsystem in the Linux kernel. A local user with the CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Stack-based buffer overflow

EUVDB-ID: #VU79487

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4273

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the implementation of the file name reconstruction function in the exFAT driver in the Linux kernel. A local user can trigger a stack overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU80578

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU81693

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU81664

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds write

EUVDB-ID: #VU81663

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42753

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the netfilter subsystem in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Integer overflow

EUVDB-ID: #VU80877

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42752

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow within the __alloc_skb() function. A local user can trigger an integer overflow and crash the kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU82659

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39189

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in the Linux kernel Netfilter subsystem. A local user with the CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU83381

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU81920

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39193

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sctp_mt_check() function in the Netfilter subsystem in the Linux kernel. A local user with the CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU81921

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39192

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the u32_match_it() function in the Netfilter subsystem of the Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU82305

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42755

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU81452

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42754

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU80177

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4563

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the nft_verdict_dump() function of the nftables sub-component. A local user can trigger a race condition between set GC and transaction and perform a DoS attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU82306

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4244

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU82304

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5197

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Deadlock

EUVDB-ID: #VU81900

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34324

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper event handling in the Linux kernel. A malicious guest can disable a paravirtualized device to cause a deadlock in a backend domain (other than dom0).

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Division by zero

EUVDB-ID: #VU82660

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31085

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU83440

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the vringh_kiov_advance() function in drivers/vhost/vringh.c, on the host side of a virtio ring. A malicious guest can crash the host OS via a zero-length descriptor.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU82758

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35827

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_remove() function in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper access control

EUVDB-ID: #VU82764

Risk: Low

CVSSv3.1: 7.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-46813

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

60) Out-of-bounds write

EUVDB-ID: #VU83311

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5717

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU82658

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-5178

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvmet_tcp_free_crypto() function in drivers/nvme/target/tcp.c, caused by a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package kernel.

Vulnerable software versions

Slackware Linux: 15.0

linux-5.15.139/kernel-modules: before 5.15.139

linux-5.15.139/kernel-huge: before 5.15.139

linux-5.15.139/kernel-generic: before 5.15.139

linux-5.15.139/kernel-headers: before 5.15.139_smp

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.892863


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


