Final Patch Tuesday of 2023 goes out with a bang
2023-12-13 00:41

Of these, four are rated critical - including three remote code execution vulnerabilities and one spoofing bug - and 29 important.

The only vulnerability listed as publicly disclosed in Microsoft's December patch party is a speculative leaks flaw in some AMD processors tracked as CVE-2023-20588 and first disclosed in August.

Patches for Illustrator, Substance 3D Sampler, Substance 3D Designer and After Effects all fix critical vulnerabilities that could lead to arbitrary code execution and memory leaks.

Google's December security updates for Android fix 85 vulnerabilities, including three that "may be under limited, targeted exploitation." All three affect Qualcomm components: CVE-2023-33063 is in the kernel while CVE-2023-33107 and CVE-2023-33106 are in the display.

Cisco published a security advisory about a vulnerability in Apache Struts that may affect a long list of its products containing the software - but noted that it's still under investigation.

Rounding out the end-of-year patchapalooza, VMware fixed a moderate-rated privilege escalation vulnerability in its VMware Workspace ONE Launcher product.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE (RISK)

2023-12-05  CVE-2023-33107  Integer Overflow or Wraparound vulnerability in Qualcomm products (7.8)
    Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
    local, low complexity; qualcomm; CWE-190

2023-12-05  CVE-2023-33106  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products (7.8)
    Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
    local, low complexity; qualcomm; CWE-119

2023-12-05  CVE-2023-33063  Use After Free vulnerability in Qualcomm products (7.8)
    Memory corruption in DSP Services during a remote call from HLOS to DSP.
    local, low complexity; qualcomm; CWE-416

2023-08-08  CVE-2023-20588  Divide By Zero vulnerability in multiple products (5.5)
    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
    local, low complexity; debian, amd, xen, fedoraproject, microsoft; CWE-369