Several significant security issues have been found in the Linux kernel, which could result in denial of service (DoS) attacks leading to crashes and kernel deadlock, arbitrary code execution, and the exposure of sensitive information. With a low attack complexity, a high confidentiality, integrity and availability impact, and a National Vulnerability Database (NVD) severity rating of “High”, it is crucial that all impacted users update immediately to protect against loss of access to critical systems and the compromise of sensitive data.

Continue reading to learn about other significant issues that have been discovered and fixed, including multiple important OpenSSL DoS vulnerabilities, and a critical LibreOffice arbitrary code execution bug.  

Yours in Open Source,

Brittany Signature 150 Esm W150

Linux Kernel

The Discovery 

Several significant security issues have been found in the Linux kernel, including a use-after-free vulnerability in the netfilter subsystem (CVE-2023-32233), an an out-of-bounds write vulnerability in the scheduler implementation (CVE-2023-31436), and improper data buffer size validation in the Broadcom FullMAC USB WiFi driver (CVE-2023-1380).

LinuxKernel Esm W206

The Impact

These bugs could result in denial of service (DoS) attacks leading to crashes and kernel deadlock, arbitrary code execution, and the exposure of sensitive information.

The Fix

Updates are available for the Linux kernel that mitigate these dangerous vulnerabilities. With a low attack complexity, a high confidentiality, integrity and availability impact, and a National Vulnerability Database (NVD) severity rating of “High”, it is crucial that all impacted users apply the Linux kernel updates issued by their distro(s) immediately to protect against loss of access to critical systems and the compromise of sensitive data.

Your Related Advisories:

[distro_list_1]

OpenSSL

The Discovery 

Multiple important denial of service (DoS) vulnerabilities (CVE-2023-0464 and CVE-2023-2650) have been discovered in the OpenSSL Secure Sockets Layer toolkit. These bugs are easy to exploit and have a high availability impact.

Openssl Esm W240

The Impact

These flaws could be exploited to carry out DoS attacks resulting in loss of system access and potential compromise.

The Fix

An OpenSSL security update that fixes these vulnerabilities has been released. We strongly encourage all impacted users to apply the OpenSSL updates issued by their distro(s) now to protect against attacks leading to system downtime and compromise.

Your Related Advisories:

[distro_list_2]

LibreOffice

The Discovery 

An Improper Validation of Array Index vulnerability (CVE-2023-0950) was discovered in the spreadsheet component of The Document Foundation LibreOffice 7.4 versions prior to 7.4.6 and 7.5 versions prior to 7.5.1. With a low attack complexity, no privileges or user interaction required to exploit, and a high confidentiality, integrity and availability impact, this bug has received a National Vulnerability Database (NVD) severity rating of “Critical”.

Libreoffice Esm W300

The Impact

This issue could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.

The Fix

An important LibreOffice security update that fixes this dangerous flaw has been released. We strongly recommend that all impacted users apply the LibreOffice updates issued by their distro(s) as soon as possible to protect the confidentiality, integrity and availability of their systems and their sensitive data.

Your Related Advisories:

[distro_list_3]