SB2023121160 - Multiple vulnerabilities in Dell EMC VxRail Appliance
Published: December 11, 2023 Updated: January 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 46 secuirty vulnerabilities.
1) Division by zero (CVE-ID: CVE-2023-31085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)
The vulnerability allows a remote user to truncate read-only files.
The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
3) Buffer overflow (CVE-ID: CVE-2023-4015)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
4) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
7) Out-of-bounds read (CVE-ID: CVE-2023-39189)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
8) Resource management error (CVE-ID: CVE-2023-3777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.
9) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
10) Improper access control (CVE-ID: CVE-2023-34059)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
11) Improper Authorization (CVE-ID: CVE-2023-34058)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
12) Incorrect Regular Expression (CVE-ID: CVE-2023-28756)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing strings that have specific characters. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
13) Information disclosure (CVE-ID: CVE-2023-4154)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a design error in Samba's implementation of the DirSync control, which can allow replication of critical domain passwords and secrets by Active Directory accounts authorized to do some replication, but not to replicate sensitive attributes. A remote user can obtain sensitive information from the AD DC and compromise the Active Directory.
14) Incorrect Regular Expression (CVE-ID: CVE-2023-28755)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.
15) Integer overflow (CVE-ID: CVE-2023-23559)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_query_oid() function in drivers/net/wireless/rndis_wlan.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
16) Improper input validation (CVE-ID: CVE-2023-22081)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
17) NULL pointer dereference (CVE-ID: CVE-2023-2177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the net/sctp/stream_sched.c in Linux kernel. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
18) Out-of-bounds write (CVE-ID: CVE-2023-2163)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of
registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
19) Use-after-free (CVE-ID: CVE-2023-1859)
The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.
20) Resource exhaustion (CVE-ID: CVE-2023-1206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
21) Use-after-free (CVE-ID: CVE-2023-1192)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
22) HTTP response splitting (CVE-ID: CVE-2021-33621)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not corrector process CRLF character sequences when handling cookies. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
23) Open redirect (CVE-ID: CVE-2023-41080)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
24) Race condition (CVE-ID: CVE-2023-4155)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.
25) Out-of-bounds write (CVE-ID: CVE-2023-4692)
The vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
26) Sequence of processor instructions leads to unexpected behavior (CVE-ID: CVE-2023-23583)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can execute arbitrary code with elevated privileges.
27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5870)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to pg_cancel_backend rolse signals background workers, including the logical replication launcher, autovacuum workers and the autovacuum launcher. A remote privileged user can abuse this behavior and perform a denial of service (DoS) attack.
28) Integer overflow (CVE-ID: CVE-2023-5869)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
29) Information disclosure (CVE-ID: CVE-2023-5868)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the aggregate function calls when handling "unknown"-type arguments. A remote user can read parts of system memory.
30) Use-after-free (CVE-ID: CVE-2023-5345)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb3_fs_context_parse_param() function in fs/smb/client component. A remote attacker can execute arbitrary code with elevated privileges.
31) Use-after-free (CVE-ID: CVE-2023-5178)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2023-4921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
33) Use-after-free (CVE-ID: CVE-2023-4813)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in
/etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2023-4693)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
35) Improper access control (CVE-ID: CVE-2023-46813)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.
36) Resource management error (CVE-ID: CVE-2023-42669)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.
37) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
38) Use-after-free (CVE-ID: CVE-2023-4623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
39) Integer overflow (CVE-ID: CVE-2023-46228)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing files in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, and lib/header.c. A remote attacker can pass specially crafted file to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Use-after-free (CVE-ID: CVE-2023-4622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
41) Heap-based buffer overflow (CVE-ID: CVE-2023-45853)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the zipOpenNewFileInZip4_64() function from MiniZip. A remote attacker can create a specially crafted archive, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Use-after-free (CVE-ID: CVE-2023-4563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the nft_verdict_dump() function of the nftables sub-component. A local user can trigger a race condition between set GC and transaction and perform a DoS attack.
43) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
44) Use-after-free (CVE-ID: CVE-2023-4389)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can trigger a use-after-free error and execute arbitrary code on the system.
45) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
46) Out-of-bounds write (CVE-ID: CVE-2023-42753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.