Use-after-free vulnerability in the CAN BCM subsystem of the Red Hat Enterprise Linux 9 and CentOS Stream 9 kernels

In recent months, our research team reported a use-after-free vulnerability in the Red Hat Enterprise Linux 9 and CentOS Stream 9 kernels. The vulnerability also affects Red Hat Enterprise Linux 9-derived distributions, such as Alma Linux 9 and Rocky Linux 9. Exploitation of the vulnerability could lead to denial of service, information disclosure, and bypass of security mitigations. The vulnerability is registered with the identifier CVE-2023-52922.

Even though the vulnerability was public and patched over a year ago in the upstream and stable branches of the Linux kernels, the kernels used by Red Hat Enterprise Linux 9, its derivatives, and CentOS Stream 9 remain vulnerable, exposing users and organizations. This delay in patching public vulnerabilities is part of the Linux ecosystem. Vulnerabilities are not patched in Linux distributions even after they become public and patched in the stable and upstream branches of the Linux kernel.

To mitigate the vulnerability while there's no update fixing it, the CAN BCM module could be removed and denied loading unless the system needs it. It is just one of several vulnerabilities not patched in widely used Linux distributions. If you need security beyond the Linux distributions you depend on can offer, we can help you. This finding results from our ongoing research into the security of Linux distributions. Allele Security Intelligence is an expert in this field.

Check out our website and contact us to learn more: https://allelesecurity.com.

Check out more details about the vulnerability here: https://access.redhat.com/security/cve/cve-2023-52922

We will publish a blog post analyzing the vulnerability.

Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) https://birkep.github.io/posts/Windows-LPE/

Old Soviet joke repurposed for 2025:
Several times daily, a woman opens a news website, glances at the screen, then closes it.

Her spouse, curious, asks what she's doing.

The woman explains she's looking for death notices.

The spouse says that the website only has headlines, not obituaries.

The woman replies, "Oh, the obituaries I'm praying for will be headlines."

🔎Part 2 of our COM hijacking series is live!
This time, we discuss a vulnerability in AVG Internet Security, where we bypass an allow-list, disable self-protection, and exploit an update mechanism to escalate privileges to SYSTEM 🚀💻
https://neodyme.io/en/blog/com_hijacking_2/

A very happy birthday to the Sinclair ZX80 released on this day in 1980!

We have released a new NCSC research paper which aims to reduce the presence of 'unforgivable' vulnerabilities - in it we present a method to assess 'forgivable' vs 'unforgivable' vulnerabilities'.
https://www.ncsc.gov.uk/blog-post/eradicating-trivial-vulnerabilities-at-scale

“Nobody asked for NFTs or the fucking Metaverse. Nobody asked for lying chatbots instead of getting to reach an actual support person that could solve your problems.”

And:“…people are challenging the notion that we all have to do AI now. Because we don’t. It’s a choice. A choice that mostly benefits monopolists.”

— @tante in https://tante.cc/2025/01/28/quoted-in-ars-technicas-article-on-tarpits-for-ai-crawlers/

I thought the sole gift of DeepSeek would be blowing the charade of massive compute requirements for parlor tricks, but now it looks like the allegations of "intellectual property theft" are also going to blow open the story of massive copyright infringement by OpenAI, Google, etc. 🤣 🍿 🍿 🍿

Following our attempts to contact the casdoor maintainers, we're releasing an advisory regarding their software. This vulnerability allows attackers to exfiltrate data from the identity provider (IdP) or obtain access over SCIM. Details here:
https://doyensec.com/resources/Doyensec_Advisory_UnauthenticatedSCIM-CasdoorIdP.pdf

#doyensec #appsec #security

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a1c7154

Lookup<struct_PeEmuHashProvider>

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1c7154.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a1c7154.json&colors=light

So, is anyone sueing #Microsoft in the #EuropeanUnion already because they are forcing #Copilot on their customers just like how they did with #MicrosoftTeams but this time they are also INCREASING THE PRICE AS WELL?

If not, then why not?!

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a778a60

__acrt_MultiByteToWideChar

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a778a60.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a778a60.json&colors=light

Version 3.4.0 of the PHP implementation of PASETO has been released!

https://github.com/paragonie/paseto/releases/tag/v3.4.0

Includes PHP 8.4 compatibility and removes internal use of strtok(), which we don't consider a safe function for handling secret keys.

(We pulled 3.3.0 which was an accidental tag of an earlier commit in the master branch.)

#whataweekhuh

In light of US tech oligarchy setting its sights on Wikimedia Foundation, a historical detail I did not know before: #Wikipedia became the non-profit it is today partly as the result of a labour strike of Spanish Wikipedia editors who disagreed with the proposed inclusion of advertisements. Initially, it was not clear what revenue model Wikipedia would get, and Wales moved towards a for-profit model already a year after launch. However, rather than working for free, so Jimmy Wales could profit from their labour via advertising, Spanish contributors forked Spanish Wikipedia as the Encyclopedia Libre Universal. Under the threat of losing the editorial community of such a large language, Wales conceded and set up the non-profit.

That is to say, however imperfect they are, all the digital commons we have are the result of ongoing struggle and hard work to keep them as commons.

Via Las Redes Son Nuestras (https://www.consonni.org/es/publicaciones/las-redes-son-nuestras) by @teclista