CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47929 – kernel: NULL pointer dereference in traffic control subsystem
https://notcve.org/view.php?id=CVE-2022-47929
17 Jan 2023 — In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-23589 – Gentoo Linux Security Advisory 202305-11
https://notcve.org/view.php?id=CVE-2023-23589
14 Jan 2023 — The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. La opción SafeSocks en Tor anterior a 0.4.7.13 tiene un error lógico en el que se puede usar el protocolo SOCKS4 inseguro pero no el protocolo SOCKS4a seguro, también conocido como TROVE-2022-002. A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, wh... • https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-23559 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2023-23559
13 Jan 2023 — In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. En rndis_query_oid en drivers/net/wireless/rndis_wlan.c en el kernel de Linux hasta 6.1.5, hay un desbordamiento de enteros en una suma. It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was disc... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23454 – kernel: slab-out-of-bounds read vulnerabilities in cbq_classify
https://notcve.org/view.php?id=CVE-2023-23454
12 Jan 2023 — cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). An out-of-bounds (OOB) read problem was found in cbq_classify in net/sched/sch_cbq.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12 • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23455 – Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
https://notcve.org/view.php?id=CVE-2023-23455
12 Jan 2023 — atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather th... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2022-4337 – openvswitch: Out-of-Bounds Read in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4337
10 Jan 2023 — An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Se encontró una lectura fuera de los límites en TLV específico de la organización en varias versiones de OpenvSwitch. A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud... • https://github.com/openvswitch/ovs/pull/405 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2022-4338 – openvswitch: Integer Underflow in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4338
10 Jan 2023 — An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Se encontró un desbordamiento de números enteros en el TLV específico de la organización en varias versiones de OpenvSwitch. A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cl... • https://github.com/openvswitch/ovs/pull/405 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2196 – Speculative execution attacks in KVM VMX
https://notcve.org/view.php?id=CVE-2022-2196
09 Jan 2023 — A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47655 – Debian Security Advisory 5346-1
https://notcve.org/view.php?id=CVE-2022-47655
05 Jan 2023 — Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> Libde265 1.0.9 es vulnerable al desbordamiento del búfer en la función void put_qpel_fallback Multiple security issues were discovered in libde265, an implementation of the H.265 video codec which may result in denial of service and potentially the execution of arbitrary code if a malformed media file is processed. • https://github.com/strukturag/libde265/issues/367 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2022-34670 – Gentoo Linux Security Advisory 202310-02
https://notcve.org/view.php?id=CVE-2022-34670
30 Dec 2022 — NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. NVIDIA GPU Display Driver para Linux contiene una vulnerabilidad en el controlador de capa del modo kernel, donde un usuario normal sin privilegios puede causar errores de truncamiento al conve... • https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html • CWE-197: Numeric Truncation Error CWE-681: Incorrect Conversion between Numeric Types •