MGASA-2023-0237

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2023-31248 CVE-2023-3338 CVE-2023-3390 CVE-2023-35001

Published: 19 Jul 2023, 19:53

Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jul 2023, 19:53

Published

Vulnerability first disclosed

16 Apr 2026, 04:22

Last Modified

Vulnerability information updated

Description

Updated kernel packages fix security vulnerabilities This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support (CVE-2023-3338). A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue (CVE-2023-3390). Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248). Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001). NOTE!! This kernel also contains a fix for dkms builds hanging / stalling during upgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility ending up in a loop processing Makefile in kernel-devel packages. So if you use dkms packaged drivers, you need to be running this kernel (or any later released ones) before you do an online upgrade to avoid the upgrade stalling / hanging. For other upstream fixes in this update, see the referenced changelogs.

Affected Systems

mageia•kernel
< 5.15.120-2.mga8
mageia•kmod-virtualbox
< 7.0.8-1.12.mga8
mageia•kmod-xtables-addons
< 3.23-1.22.mga8

MGASA-2023-0237

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)