19.Laptop Bed

Two critical vulnerabilities were recently discovered in the Linux kernel, which both received a National Vulnerability Database base score of 9.8 out of 10 due to how simple they are for attackers to exploit and their severe threat to impacted systems.

CVE-2023-45871 is a buffer overflow vulnerability due to improper validation of received frames larger than the set MTU size in the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel. CVE-2023-25775 exists because the InfiniBand RDMA driver in the Linux kernel does not properly check for zero-length STAG or MR registration. 

How Do These Vulnerabilities Affect Linux Systems?

These impactful bugs could enable a remote attacker to escalate privilege via network access and execute arbitrary code or carry out denial of service attacks, leading to loss of system access.

In the worst-case scenario, these bugs could allow attackers to obtain sensitive data or even gain complete control of an impacted system or network.

What Can You Do to Stay Safe?LinuxKernel

Essential updates for the Linux kernel have been released to mitigate these critical flaws. Given these vulnerabilities’ severe threat to affected systems, if left unpatched, we urge all impacted users to apply the updates released by Mageia, Slackware, and Ubuntu as soon as possible. Doing so will protect against downtime and system compromise.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).