CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28866 – kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c
https://notcve.org/view.php?id=CVE-2023-28866
27 Mar 2023 — In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. An out-of-bounds (OOB) memory access flaw was found in net/bluetooth/hci_sync.c due to a missing exit patch while in loop in amp_init1[] and amp_init2[]. This issue could allow an attacker to leak internal kernel information. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not pro... • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2023-1380 – Ubuntu Security Notice USN-6162-1
https://notcve.org/view.php?id=CVE-2023-1380
27 Mar 2023 — A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It wa... • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36691 – Ubuntu Security Notice USN-6301-1
https://notcve.org/view.php?id=CVE-2020-36691
24 Mar 2023 — An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properl... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1195 – kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
https://notcve.org/view.php?id=CVE-2023-1195
24 Mar 2023 — A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud... • https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 3CVE-2023-28772 – kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
https://notcve.org/view.php?id=CVE-2023-28772
23 Mar 2023 — An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. A buffer overflow write flaw was identified in seq_buf_putmem_hex in lib/seq_buf.c in seq_buf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check. • https://github.com/Trinadh465/linux-4.1.15_CVE-2023-28772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
23 Mar 2023 — A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TC... • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1249 – kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code
https://notcve.org/view.php?id=CVE-2023-1249
21 Mar 2023 — A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. The kernel tree of CentOS Stream 9 suffers from multiple use-after-free conditions that were already patched in upstream stable trees. • https://packetstorm.news/files/id/171912 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48423 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2022-48423
19 Mar 2023 — In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48425 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2022-48425
19 Mar 2023 — In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not proper... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1390 – kernel: remote DoS in TIPC kernel module
https://notcve.org/view.php?id=CVE-2023-1390
16 Mar 2023 — A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation ... • https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5 • CWE-1050: Excessive Platform Resource Consumption within a Loop •