CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1382 – kernel: denial of service in tipc_conn_close
https://notcve.org/view.php?id=CVE-2023-1382
06 Apr 2023 — A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that the virtio network implemen... • https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin%40gmail.com/T/#u • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
05 Apr 2023 — A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo qu... • https://access.redhat.com/errata/RHSA-2023:1659 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1582 – kernel: Soft lockup occurred during __page_mapcount
https://notcve.org/view.php?id=CVE-2023-1582
05 Apr 2023 — A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applicat... • https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0%40kroah.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2023-1855 – kernel: use-after-free bug in remove function xgene_hwmon_remove
https://notcve.org/view.php?id=CVE-2023-1855
05 Apr 2023 — A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due ... • https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-1611 – Ubuntu Security Notice USN-6301-1
https://notcve.org/view.php?id=CVE-2023-1611
03 Apr 2023 — A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered t... • https://bugzilla.redhat.com/show_bug.cgi?id=2181342 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1670 – Ubuntu Security Notice USN-6252-1
https://notcve.org/view.php?id=CVE-2023-1670
30 Mar 2023 — A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier... • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28328 – kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
https://notcve.org/view.php?id=CVE-2023-28328
28 Mar 2023 — A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attack... • https://bugzilla.redhat.com/show_bug.cgi?id=2177389 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3923 – kernel: stack information leak in infiniband RDMA
https://notcve.org/view.php?id=CVE-2021-3923
27 Mar 2023 — A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. • https://bugzilla.redhat.com/show_bug.cgi?id=2019643 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 27EXPL: 0CVE-2023-1077 – Ubuntu Security Notice USN-6256-1
https://notcve.org/view.php?id=CVE-2023-1077
27 Mar 2023 — In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could pos... • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1079 – kernel: hid: Use After Free in asus_remove()
https://notcve.org/view.php?id=CVE-2023-1079
27 Mar 2023 — A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controll... • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df • CWE-416: Use After Free •