CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23003
https://notcve.org/view.php?id=CVE-2023-23003
01 Mar 2023 — In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16 • CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23005
https://notcve.org/view.php?id=CVE-2023-23005
01 Mar 2023 — In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. • https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23006
https://notcve.org/view.php?id=CVE-2023-23006
01 Mar 2023 — In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23000 – Ubuntu Security Notice USN-6704-4
https://notcve.org/view.php?id=CVE-2023-23000
01 Mar 2023 — In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare U... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23004 – Ubuntu Security Notice USN-6300-1
https://notcve.org/view.php?id=CVE-2023-23004
01 Mar 2023 — In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that t... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22996
https://notcve.org/view.php?id=CVE-2023-22996
28 Feb 2023 — In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22998 – kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init()
https://notcve.org/view.php?id=CVE-2023-22998
28 Feb 2023 — In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3 • CWE-436: Interpretation Conflict •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22999
https://notcve.org/view.php?id=CVE-2023-22999
28 Feb 2023 — In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22995 – Ubuntu Security Notice USN-6681-2
https://notcve.org/view.php?id=CVE-2023-22995
28 Feb 2023 — In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoC... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22997 – Ubuntu Security Notice USN-6024-1
https://notcve.org/view.php?id=CVE-2023-22997
28 Feb 2023 — In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2 • CWE-476: NULL Pointer Dereference •