
CVE-2023-4010 – Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb()
https://notcve.org/view.php?id=CVE-2023-4010
31 Jul 2023 — A flaw was found in the USB Host Controller Driver (HCD) framework in the Linux kernel. The usb_giveback_urb() function has a logic loophole: because of an incorrect condition on a goto statement, the function cannot return when given a specifically malformed USB descriptor, so it spins in an endless loop, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-4010 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
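The infinite-loop class behind CVE-2023-4010 is easiest to see in a descriptor walk. The C program below is an added illustration written for this page, not the kernel's usb_giveback_urb() code or the upstream fix: a naive walker that advances by bLength (and therefore never advances on a zero-length descriptor) is shown next to a hardened walker that rejects any descriptor shorter than the two-byte header or longer than the remaining buffer. The descriptor bytes are constructed samples; the iteration cap in the naive walker stands in for the hang so the program terminates.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Every USB descriptor starts with this two-byte header. */
struct usb_desc_hdr {
    uint8_t bLength;
    uint8_t bDescriptorType;
};

#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

/*
 * Naive walker (CWE-835): steps through the buffer by bLength without
 * validating it. A descriptor with bLength == 0 never moves the offset,
 * so the loop never reaches its exit condition. max_iter is an artificial
 * cap so the demo returns -1 instead of hanging; the kernel has no such cap.
 * Returns the number of endpoint descriptors seen, or -1 on "hang".
 */
static int count_endpoints_naive(const uint8_t *buf, size_t len, unsigned max_iter)
{
    size_t off = 0;
    int endpoints = 0;
    unsigned iter = 0;

    while (off + sizeof(struct usb_desc_hdr) <= len) {
        const struct usb_desc_hdr *h = (const struct usb_desc_hdr *)(buf + off);
        if (h->bDescriptorType == USB_DT_ENDPOINT)
            endpoints++;
        off += h->bLength;          /* bLength == 0: off never changes */
        if (++iter > max_iter)
            return -1;              /* stands in for the infinite loop */
    }
    return endpoints;
}

/*
 * Hardened walker: a descriptor must be at least header-sized (so the
 * offset always advances) and must fit in the remaining buffer.
 * Returns endpoint count, -2 for a too-short bLength, -3 for an overrun.
 */
static int count_endpoints_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int endpoints = 0;

    while (off + sizeof(struct usb_desc_hdr) <= len) {
        const struct usb_desc_hdr *h = (const struct usb_desc_hdr *)(buf + off);
        if (h->bLength < sizeof(struct usb_desc_hdr))
            return -2;              /* malformed: would never advance */
        if (h->bLength > len - off)
            return -3;              /* malformed: runs past the buffer */
        if (h->bDescriptorType == USB_DT_ENDPOINT)
            endpoints++;
        off += h->bLength;
    }
    return endpoints;
}

/* Constructed sample: 9-byte interface descriptor, then two 7-byte endpoints. */
static const uint8_t good_desc[] = {
    9, USB_DT_INTERFACE, 0, 0, 2, 0xff, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 2, 0x40, 0, 0,
    7, USB_DT_ENDPOINT, 0x01, 2, 0x40, 0, 0,
};

/* Constructed malformed sample: second descriptor claims bLength == 0. */
static const uint8_t zero_len_desc[] = {
    9, USB_DT_INTERFACE, 0, 0, 2, 0xff, 0, 0, 0,
    0, USB_DT_ENDPOINT, 0x81, 2, 0x40, 0, 0,
};

/* Constructed truncated sample: endpoint claims 7 bytes, only 3 remain. */
static const uint8_t short_desc[] = {
    9, USB_DT_INTERFACE, 0, 0, 2, 0xff, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81,
};

int main(void)
{
    printf("naive   good=%d zero=%d short=%d\n",
           count_endpoints_naive(good_desc, sizeof good_desc, 1000),
           count_endpoints_naive(zero_len_desc, sizeof zero_len_desc, 1000),
           count_endpoints_naive(short_desc, sizeof short_desc, 1000));
    printf("checked good=%d zero=%d short=%d\n",
           count_endpoints_checked(good_desc, sizeof good_desc),
           count_endpoints_checked(zero_len_desc, sizeof zero_len_desc),
           count_endpoints_checked(short_desc, sizeof short_desc));
    return 0;
}
```

The naive walker also silently accepts the truncated sample (it counts the endpoint, then steps past the end of the buffer and exits), which is the out-of-bounds companion to the hang; the checked walker reports both malformations before touching any bytes beyond the header.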

CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
https://notcve.org/view.php?id=CVE-2023-4004
31 Jul 2023 — A use-after-free flaw was found in the Linux kernel's netfilter subsystem in the way a user triggers the nft_pipapo_remove() function with a set element that lacks NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •

CVE-2023-3773 – Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
https://notcve.org/view.php?id=CVE-2023-3773
25 Jul 2023 — A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4-byte out-of-bounds read of the XFRMA_MTIMER_THRESH attribute when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-125: Out-of-bounds Read •

CVE-2023-3772 – Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
https://notcve.org/view.php?id=CVE-2023-3772
25 Jul 2023 — A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. • http://www.openwall.com/lists/oss-security/2023/08/10/1 • CWE-476: NULL Pointer Dereference •

CVE-2023-3640 – Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
https://notcve.org/view.php?id=CVE-2023-3640
24 Jul 2023 — A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of x86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Following the earlier CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, per-cpu entry area addresses can still leak. This issue could al... • https://github.com/pray77/CVE-2023-3640 • CWE-203: Observable Discrepancy •

CVE-2023-3750 – Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
https://notcve.org/view.php?id=CVE-2023-3750
24 Jul 2023 — A flaw was found in libvirt. The virStoragePoolObjListSearch() function does not return a locked pool as expected, resulting in a race condition and a denial of service when another thread attempts to lock the same object. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. It was discovered that libvirt incorrectly handled locking when processing certain requests. A local attacker could possibly use this issue to cause libvirt to stop responding or crash, resul... • https://access.redhat.com/errata/RHSA-2023:6409 • CWE-667: Improper Locking •

CVE-2023-3812 – Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
https://notcve.org/view.php?id=CVE-2023-3812
24 Jul 2023 — An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver in how it handles a malicious (too big) networking packet generated by a user when napi frags is enabled. This flaw allows a local user to crash the system or potentially escalate their privileges. An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability. • https://access.redhat.com/errata/RHSA-2023:6799 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVE-2023-3019 – Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
https://notcve.org/view.php?id=CVE-2023-3019
24 Jul 2023 — A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. This update for qemu fixes the following issues: a heap use-after-free in e1000e_write_packet_to_guest() and a NULL pointer dereference in qemu_clipboard_request(). • https://access.redhat.com/errata/RHSA-2024:0135 • CWE-416: Use After Free •

CVE-2023-3567 – Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
https://notcve.org/view.php?id=CVE-2023-3567
24 Jul 2023 — A use-after-free flaw was found in vcs_read() in drivers/tty/vt/vc_screen.c (the vc_screen virtual console screen interface) in the Linux kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. This update for the Linux Kernel 5.14.21-150400_24_46 fixes several issues. The following security issues were fixed: a use-after-free in Netfilter nf_tables when processing batch requests. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •

CVE-2023-38200 – Keylime: registrar is subject to a dos against ssl connections
https://notcve.org/view.php?id=CVE-2023-38200
24 Jul 2023 — A flaw was found in Keylime. Because its SSL connection handling is blocking, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. • https://access.redhat.com/errata/RHSA-2023:5080 • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •