[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2023-0148":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":46,"duplicates":47,"related":48,"reserved_at":9,"published_at":65,"modified_at":66,"state":9,"summary":67,"references_raw":69,"kevs":114,"epss":9,"epss_history":115,"metrics":116,"affected":117},"MGASA-2023-0148","Updated kernel packages fix security vulnerability\n\nThis kernel update is based on upstream 5.15.106 and fixes atleast the\nfollowing security issues:\n\nA flaw was found in the Linux Kernel. The tun/tap sockets have their socket\nUID hardcoded to 0 due to a type confusion in their initialization function.\nWhile it will be often correct, as tuntap devices require CAP_NET_ADMIN,\nit may not always be the case, e.g., a non-root user only having that\ncapability. This would make tun/tap sockets being incorrectly treated in\nfiltering/routing decisions, possibly bypassing network filters\n(CVE-2023-1076).\n\nIn the Linux kernel, pick_next_rt_entity() may return a type confused entry,\nnot detected by the BUG_ON condition, as the confused entry will not be\nNULL, but list_head.The buggy error condition would lead to a type confused\nentry with the list head,which would then be used as a type confused\nsched_rt_entity,causing memory corruption (CVE-2023-1077).\n\nA flaw was found in the Linux kernel. A use-after-free may be triggered in\nasus_kbd_backlight_set when plugging/disconnecting in a malicious USB device,\nwhich advertises itself as an Asus device. Similarly to the previous known\nCVE-2023-25012, but in asus devices, the work_struct may be scheduled by the\nLED controller while the device is disconnecting, triggering a use-after-free\non the struct asus_kbd_leds *led structure. A malicious USB device may\nexploit the issue to cause memory corruption with controlled data\n(CVE-2023-1079).\n\nA flaw use after free in the Linux kernel integrated infrared receiver/\ntransceiver driver was found in the way user detaching rc device. A local\nuser could use this flaw to crash the system or potentially escalate their\nprivileges on the system (CVE-2023-1118).\n\nA use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c\nin btrfs in the Linux Kernel.This flaw allows an attacker to crash the\nsystem and possibly cause a kernel information leak (CVE-2023-1611).\n\nA flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card)\nEthernet driver was found.A local user could use this flaw to crash the\nsystem or potentially escalate their privileges on the system\n(CVE-2023-1670).\n\nA use-after-free vulnerability in the Linux Kernel traffic control index\nfilter (tcindex) can be exploited to achieve local privilege escalation.\nThe tcindex_delete function which does not properly deactivate filters in\ncase of a perfect hashes while deleting the underlying structure which can\nlater lead to double freeing the structure. A local attacker user can use\nthis vulnerability to elevate its privileges to root (CVE-2023-1829).\n\nA use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/\nxgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon).\nThis flaw could allow a local attacker to crash the system due to a race\nproblem. This vulnerability could even lead to a kernel information leak\nproblem (CVE-2023-1855).\n\nA use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\\nbtsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with\nan unfinished job, may cause a race problem leading to a UAF on hdev\ndevices (CVE-2023-1989).\n\nA use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c\nin the Linux Kernel. This flaw could allow an attacker to crash the system\ndue to a race problem (CVE-2023-1990).\n\nA flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using\na specific networking configuration (redirecting egress packets to ingress\nusing TC action \"mirred\") a local unprivileged user could trigger a CPU\nsoft lockup (ABBA deadlock) when the transport protocol in use (TCP or\nSCTP) does a retransmission, resulting in a denial of service condition\n(CVE-2022-4269).\n\nA use-after-free vulnerability was found in __nfs42_ssc_open() in\nfs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to\nconduct a remote denial of service (CVE-2022-4379).\n\nThe Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in\ndrivers/hid/hid-bigbenff.c via a crafted USB device because the LED\ncontrollers remain registered for too long (CVE-2023-25012).\n\ndo_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6\nlacks a lock_sock call, leading to a race condition (with a resultant\nuse-after-free or NULL pointer dereference) (CVE-2023-28466).\n\nAn issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel\nbefore 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4\n(CVE-2023-30456).\n\nThe Linux kernel before 6.2.9 has a race condition and resultant\nuse-after-free in drivers/power/supply/da9150-charger.c if a physically\nproximate attacker unplugs a device (CVE-2023-30772).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44],{"_key":15},"CVE-2022-4269",{"_key":17},"CVE-2022-4379",{"_key":19},"CVE-2023-1076",{"_key":21},"CVE-2023-1077",{"_key":23},"CVE-2023-1079",{"_key":25},"CVE-2023-1118",{"_key":27},"CVE-2023-1611",{"_key":29},"CVE-2023-1670",{"_key":31},"CVE-2023-1829",{"_key":33},"CVE-2023-1855",{"_key":35},"CVE-2023-1989",{"_key":37},"CVE-2023-1990",{"_key":39},"CVE-2023-25012",{"_key":41},"CVE-2023-28466",{"_key":43},"CVE-2023-30456",{"_key":45},"CVE-2023-30772",[],[],[49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2023-04-17T19:52:59Z","2026-04-16T04:43:48.510957630Z",{"cisa_kev":68,"cisa_ransomware":68,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[70,76,81,86,90,94,98,102,106,110],{"url":71,"sources":72,"tags":74},"https://advisories.mageia.org/MGASA-2023-0148.html",[73],"osv_mageia",[75],"Advisory",{"url":77,"sources":78,"tags":79},"https://bugs.mageia.org/show_bug.cgi?id=31777",[73],[80],"REPORT",{"url":82,"sources":83,"tags":84},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.99",[73],[80,85],"WEB",{"url":87,"sources":88,"tags":89},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.100",[73],[80,85],{"url":91,"sources":92,"tags":93},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.101",[73],[80,85],{"url":95,"sources":96,"tags":97},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.102",[73],[80,85],{"url":99,"sources":100,"tags":101},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.103",[73],[80,85],{"url":103,"sources":104,"tags":105},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.104",[73],[80,85],{"url":107,"sources":108,"tags":109},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105",[73],[80,85],{"url":111,"sources":112,"tags":113},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.106",[73],[80,85],[],[],[],[118,130,136],{"ecosystem":119,"name":120,"vendor":121,"product":120,"cpe_part":9,"purl_type":122,"purl_namespace":121,"purl_name":120,"source":9,"versions":123},"Mageia","kernel","mageia","rpm",[124],{"version":125,"is_range":126,"range_type":127,"version_start":9,"version_start_type":9,"version_end":128,"version_end_type":129,"fixed_in":9},"lt5_15_106_2_mga8",true,"ecosystem","5.15.106-2.mga8","excluding",{"ecosystem":119,"name":131,"vendor":121,"product":131,"cpe_part":9,"purl_type":122,"purl_namespace":121,"purl_name":131,"source":9,"versions":132},"kmod-virtualbox",[133],{"version":134,"is_range":126,"range_type":127,"version_start":9,"version_start_type":9,"version_end":135,"version_end_type":129,"fixed_in":9},"lt7_0_6_1_8_mga8","7.0.6-1.8.mga8",{"ecosystem":119,"name":137,"vendor":121,"product":137,"cpe_part":9,"purl_type":122,"purl_namespace":121,"purl_name":137,"source":9,"versions":138},"kmod-xtables-addons",[139],{"version":140,"is_range":126,"range_type":127,"version_start":9,"version_start_type":9,"version_end":141,"version_end_type":129,"fixed_in":9},"lt3_23_1_10_mga8","3.23-1.10.mga8"]