CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22995 – Ubuntu Security Notice USN-6681-2
https://notcve.org/view.php?id=CVE-2023-22995
28 Feb 2023 — In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoC... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22997 – Ubuntu Security Notice USN-6024-1
https://notcve.org/view.php?id=CVE-2023-22997
28 Feb 2023 — In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1095 – kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head
https://notcve.org/view.php?id=CVE-2023-1095
28 Feb 2023 — In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nf_tables_updtable while freeing a transaction object not placed on the list head. This flaw allow... • https://bugzilla.redhat.com/show_bug.cgi?id=2173973 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 2CVE-2023-26607 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2023-26607
26 Feb 2023 — In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD process... • https://github.com/Trinadh465/linux-4.1.15_CVE-2023-26607 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-26545 – kernel: mpls: double free on sysctl allocation failure
https://notcve.org/view.php?id=CVE-2023-26545
25 Feb 2023 — In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly ... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 3CVE-2023-0045 – Incorrect indirect branch prediction barrier in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0045
23 Feb 2023 — The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prc... • https://github.com/ASkyeye/CVE-2023-0045 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23039
https://notcve.org/view.php?id=CVE-2023-23039
22 Feb 2023 — An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). • https://lkml.org/lkml/2023/1/1/169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26242
https://notcve.org/view.php?id=CVE-2023-26242
21 Feb 2023 — afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. • https://bugzilla.suse.com/show_bug.cgi?id=1208518 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-3424 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2022-3424
10 Feb 2023 — A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability.... • https://bugzilla.redhat.com/show_bug.cgi?id=2132640 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0590 – kernel: use-after-free due to race condition in qdisc_graft()
https://notcve.org/view.php?id=CVE-2023-0590
10 Feb 2023 — A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html • CWE-416: Use After Free •