CoreOS Security Update 38.20231027.3.1 (MINDBREEZE29501)

Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 7.8 High 
Status: Final 
First published: February 8, 2024 
CVEs: CVE-2023-5345, CVE-2023-42754, CVE-2023-42756 


  • use-after-free vulnerability in the smb client component 
  • NULL pointer dereference in ipv4_send_dest_unreach() 
  • race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP 


Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

  • Mindbreeze InSpire 23.7 Release 
  • Mindbreeze InSpire SaaS 23.7 Release