CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 1CVE-2023-35828 – Ubuntu Security Notice USN-6283-1
https://notcve.org/view.php?id=CVE-2023-35828
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://github.com/Trinadh465/linux-4.19.72_CVE-2023-35828 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-35829 – Ubuntu Security Notice USN-6283-1
https://notcve.org/view.php?id=CVE-2023-35829
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35824 – kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()
https://notcve.org/view.php?id=CVE-2023-35824
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35823 – kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()
https://notcve.org/view.php?id=CVE-2023-35823
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2022-48502 – Ubuntu Security Notice USN-6300-1
https://notcve.org/view.php?id=CVE-2022-48502
31 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2898 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2023-2898
26 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32248 – Tree connection null pointer dereference denial-of-service vulnerability
https://notcve.org/view.php?id=CVE-2023-32248
17 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://access.redhat.com/security/cve/CVE-2023-32248 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48425 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2022-48425
19 Mar 2023 — In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not proper... • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3? • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 2CVE-2023-26607 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2023-26607
26 Feb 2023 — In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. • https://github.com/Trinadh465/linux-4.1.15_CVE-2023-26607 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-26544 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2023-26544
25 Feb 2023 — In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. • https://bugzilla.suse.com/show_bug.cgi?id=1208697 • CWE-416: Use After Free •