CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6915 – Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
https://notcve.org/view.php?id=CVE-2023-6915
15 Jan 2024 — A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. Se encontró un problema de desreferencia de puntero null en ida_free en lib/idr.c en el kernel de Linux. Este problema puede permitir que un atacante que utilice esta librería cause un problema de denegación de servicio debido a una verificación faltante en el retorno de una función. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6040 – An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)
https://notcve.org/view.php?id=CVE-2023-6040
12 Jan 2024 — An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. Se informó y solucionó una vulnerabilidad de acceso fuera de los límites que involucraba a netfilter como: f1082dd31fe4 (netfilter: nf_tables: Rechazar tablas d... • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48619 – kernel: event code falling outside of a bitmap in input_set_capability() leads to panic
https://notcve.org/view.php?id=CVE-2022-48619
12 Jan 2024 — An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. Se descubrió un problema en drivers/input/input.c en el kernel de Linux anterior a la versión 5.17.10. Un atacante puede provocar una denegación de servicio (pánico) porque input_set_capability maneja mal la situación en la que un código de evento queda fuera de un mapa de... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10 • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0340 – Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
https://notcve.org/view.php?id=CVE-2024-0340
09 Jan 2024 — A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. Se encontró una vulnerabilidad en vhost_new_msg en drivers/vhost/vhost.c en el kernel de Linux, que no inicializa correctamente la m... • https://access.redhat.com/errata/RHSA-2024:3618 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-7192 – Kernel: refcount leak in ctnetlink_create_conntrack()
https://notcve.org/view.php?id=CVE-2023-7192
02 Jan 2024 — A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. Se encontró un problema de pérdida de memoria en ctnetlink_create_conntrack en net/netfilter/nf_conntrack_netlink.c en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios CAP_NET_ADMIN provoque un ataque de denegació... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6531 – Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
https://notcve.org/view.php?id=CVE-2023-6531
02 Jan 2024 — A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Se encontró una falla de use-after-free en el kernel de Linux debido a un problema de ejecución en la eliminación de ejecución de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB está en cola. Linux suffers from an io_uring use-after-free vulnerability... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51781
https://notcve.org/view.php?id=CVE-2023-51781
25 Dec 2023 — An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. atalk_ioctl en net/appletalk/ddp.c tiene un use after free debido a una condición de ejecución atalk_recvmsg. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51782
https://notcve.org/view.php?id=CVE-2023-51782
25 Dec 2023 — An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. rose_ioctl en net/rose/af_rose.c tiene un use after free debido a una condición de ejecución rose_accept. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51780 – kernel: use-after-free in net/atm/ioctl.c
https://notcve.org/view.php?id=CVE-2023-51780
25 Dec 2023 — An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. Se descubrió un problema en el kernel de Linux anterior a 6.6.8. do_vcc_ioctl en net/atm/ioctl.c tiene un use after free debido a una condición de ejecución vcc_recvmsg. A use-after-free flaw was found in the Linux kernel's net/atm/ioctl.c (ATM networking technology driver): do_vcc_ioctl in net/atm/ioctl.c is vulnerable to use-after-free due to a race condit... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6546 – Kernel: gsm multiplexing race condition leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-6546
21 Dec 2023 — A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre c... • http://www.openwall.com/lists/oss-security/2024/04/10/18 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •