[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2023-0166":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":68,"epss":9,"epss_history":69,"metrics":70,"affected":71},"MGASA-2023-0166","Updated kernel packages fix security vulnerabilities\n\nThis kernel update is based on upstream 5.15.110 and fixes at least the\nfollowing security issues:\n\nA slab-out-of-bound read problem was found in brcmf_get_assoc_ies in\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.\nThis issue could occur when assoc_info->req_len data is bigger than the\nsize of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of\nservice (CVE-2023-1380).\n\nIt was discovered that a race condition existed in the Xen transport layer\nimplementation for the 9P file system protocol in the Linux kernel, leading\nto a use-after-free vulnerability. A local attacker could use this to cause\na denial of service or expose sensitive information (CVE-2023-1859).\n\nAn insufficient permission check has been found in the Bluetooth subsystem\nof the Linux kernel when handling ioctl system calls of HCI sockets.\nThis means that tasks without the proper CAP_NET_ADMIN capability can easily\nmark HCI sockets as _trusted_. Trusted sockets are intended to enable the\nsending and receiving of management commands and events, such as pairing\nor connecting with a new device. As a result, unprivileged users can\nacquire a trusted socket, leading to unauthorized execution of management\ncommands (CVE-2023-2002).\n\nA heap out-of-bounds read/write vulnerability in the Linux Kernel traffic\ncontrol (QoS) subsystem can be exploited to achieve local privilege\nescalation. 
The qfq_change_class function does not properly limit the lmax\nvariable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX\nvalue is not offered through nlattr, lmax is determined by the MTU value\nof the network device. The MTU of the loopback device can be set up to\n2^31-1 and as a result, it is possible to have an lmax value that exceeds\nQFQ_MIN_LMAX (CVE-2023-2248).\n\nqfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13\nallows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX\n(CVE-2023-31436).\n\nLinux kernel use-after-free in Netfilter nf_tables when processing batch\nrequests can be abused to perform arbitrary reads and writes in kernel\nmemory. An unprivileged local user can exploit this to start a local\nroot shell (CVE-2023-32233).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2023-1380",{"_key":17},"CVE-2023-1859",{"_key":19},"CVE-2023-2002",{"_key":21},"CVE-2023-2248",{"_key":23},"CVE-2023-31436",{"_key":25},"CVE-2023-32233",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2023-05-16T19:17:40Z","2026-04-16T04:23:23.611896Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,46,51,56,60,64],{"url":41,"sources":42,"tags":44},"https://advisories.mageia.org/MGASA-2023-0166.html",[43],"osv_mageia",[45],"Advisory",{"url":47,"sources":48,"tags":49},"https://bugs.mageia.org/show_bug.cgi?id=31875",[43],[50],"REPORT",{"url":52,"sources":53,"tags":54},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.107",[43],[50,55],"WEB",{"url":57,"sources":58,"tags":59},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.108",[43],[50,55],{"url":61,"sources":62,"tags":63},"https://cdn.kernel.org/pub/linux/kernel/v5.x/Chang
eLog-5.15.109",[43],[50,55],{"url":65,"sources":66,"tags":67},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.110",[43],[50,55],[],[],[],[72,84,90],{"ecosystem":73,"name":74,"vendor":75,"product":74,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":74,"source":9,"versions":77},"Mageia","kernel","mageia","rpm",[78],{"version":79,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":82,"version_end_type":83,"fixed_in":9},"lt5_15_110_2_mga8",true,"ecosystem","5.15.110-2.mga8","excluding",{"ecosystem":73,"name":85,"vendor":75,"product":85,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":85,"source":9,"versions":86},"kmod-virtualbox",[87],{"version":88,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":89,"version_end_type":83,"fixed_in":9},"lt7_0_8_1_2_mga8","7.0.8-1.2.mga8",{"ecosystem":73,"name":91,"vendor":75,"product":91,"cpe_part":9,"purl_type":76,"purl_namespace":75,"purl_name":91,"source":9,"versions":92},"kmod-xtables-addons",[93],{"version":94,"is_range":80,"range_type":81,"version_start":9,"version_start_type":9,"version_end":95,"version_end_type":83,"fixed_in":9},"lt3_23_1_14_mga8","3.23-1.14.mga8"]