CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3220
https://notcve.org/view.php?id=CVE-2023-3220
20 Jun 2023 — An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93340e10b9c5fc86730d149636e0aa8b47bb5a34 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3022 – kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup fails
https://notcve.org/view.php?id=CVE-2023-3022
19 Jun 2023 — A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress. • https://bugzilla.redhat.com/show_bug.cgi?id=2211440 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35823 – kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()
https://notcve.org/view.php?id=CVE-2023-35823
18 Jun 2023 — An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. A race condition was found in the Linux kernel's saa7134 device driver. This occurs when removing the module before cleanup in the saa7134_finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35824 – kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()
https://notcve.org/view.php?id=CVE-2023-35824
18 Jun 2023 — An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. A race condition was found in the Linux kernel's dm1105 device driver when removing the module before cleanup in the dm1105_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35827 – Ubuntu Security Notice USN-7185-1
https://notcve.org/view.php?id=CVE-2023-35827
18 Jun 2023 — An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. • https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3268 – kernel: out-of-bounds access in relay_file_read
https://notcve.org/view.php?id=CVE-2023-3268
16 Jun 2023 — An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-3159
https://notcve.org/view.php?id=CVE-2023-3159
12 Jun 2023 — A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. • https://github.com/torvalds/linux/commit/b7c81f80246fac44077166f3e07103affe6db8ff • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-3161 – kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
https://notcve.org/view.php?id=CVE-2023-3161
12 Jun 2023 — A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading t... • https://bugzilla.redhat.com/show_bug.cgi?id=2213485 • CWE-682: Incorrect Calculation CWE-1335: Incorrect Bitwise Shift of Integer •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2023-3141 – kernel: Use after free bug in r592_remove
https://notcve.org/view.php?id=CVE-2023-3141
09 Jun 2023 — A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3111
https://notcve.org/view.php?id=CVE-2023-3111
05 Jun 2023 — A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html • CWE-416: Use After Free •