[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2023-0173":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":24,"duplicates":25,"related":26,"reserved_at":9,"published_at":32,"modified_at":33,"state":9,"summary":34,"references_raw":36,"kevs":65,"epss":9,"epss_history":66,"metrics":67,"affected":68},"MGASA-2023-0173","Updated kernel-linus packages fix security vulnerabilities\n\nThis kernel-linus update is based on upstream 5.15.110 and fixes at least\nthe following security issues:\n\nA slab-out-of-bounds read problem was found in brcmf_get_assoc_ies in\ndrivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.\nThis issue could occur when assoc_info->req_len data is bigger than the\nsize of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of\nservice (CVE-2023-1380).\n\nIt was discovered that a race condition existed in the Xen transport layer\nimplementation for the 9P file system protocol in the Linux kernel, leading\nto a use-after-free vulnerability. A local attacker could use this to cause\na denial of service or expose sensitive information (CVE-2023-1859).\n\nAn insufficient permission check has been found in the Bluetooth subsystem\nof the Linux kernel when handling ioctl system calls of HCI sockets.\nThis allows tasks without the proper CAP_NET_ADMIN capability to easily\nmark HCI sockets as _trusted_. Trusted sockets are intended to enable the\nsending and receiving of management commands and events, such as pairing\nor connecting with a new device.  As a result, unprivileged users can\nacquire a trusted socket, leading to unauthorized execution of management\ncommands (CVE-2023-2002).\n\nA heap out-of-bounds read/write vulnerability in the Linux Kernel traffic\ncontrol (QoS) subsystem can be exploited to achieve local privilege\nescalation. 
The qfq_change_class function does not properly limit the lmax\nvariable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX\nvalue is not offered through nlattr, lmax is determined by the MTU value\nof the network device. The MTU of the loopback device can be set up to\n2^31-1 and as a result, it is possible to have an lmax value that exceeds\nQFQ_MIN_LMAX (CVE-2023-2248).\n\nqfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13\nallows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX\n(CVE-2023-31436).\n\nFor other upstream fixes in this update, see the referenced changelogs.\n",null,[],[],[],[14,16,18,20,22],{"_key":15},"CVE-2023-1380",{"_key":17},"CVE-2023-1859",{"_key":19},"CVE-2023-2002",{"_key":21},"CVE-2023-2248",{"_key":23},"CVE-2023-31436",[],[],[27,28,29,30,31],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},"2023-05-19T07:23:17Z","2026-04-16T04:22:31.603126Z",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[37,43,48,53,57,61],{"url":38,"sources":39,"tags":41},"https://advisories.mageia.org/MGASA-2023-0173.html",[40],"osv_mageia",[42],"Advisory",{"url":44,"sources":45,"tags":46},"https://bugs.mageia.org/show_bug.cgi?id=31876",[40],[47],"REPORT",{"url":49,"sources":50,"tags":51},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.107",[40],[47,52],"WEB",{"url":54,"sources":55,"tags":56},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.108",[40],[47,52],{"url":58,"sources":59,"tags":60},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.109",[40],[47,52],{"url":62,"sources":63,"tags":64},"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.110",[40],[47,52],[],[],[],[69],{"ecosystem":70,"name":71,"vendor":72,"product":71,"cpe_part":9,"purl_type":73,"purl_namespace":72,"purl_name":71,"source":9,"versions":74},"M
ageia","kernel-linus","mageia","rpm",[75],{"version":76,"is_range":77,"range_type":78,"version_start":9,"version_start_type":9,"version_end":79,"version_end_type":80,"fixed_in":9},"lt5_15_110_1_mga8",true,"ecosystem","5.15.110-1.mga8","excluding"]