CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21803 – Possible UAF in bt_accept_poll in Linux kernel
https://notcve.org/view.php?id=CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (módulos bluetooth) permite la ejecución local de código. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1. • https://bugzilla.openanolis.cn/show_bug.cgi?id=8081 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23850
https://notcve.org/view.php?id=CVE-2024-23850
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. En btrfs_get_root_ref en fs/btrfs/disk-io.c en el kernel de Linux hasta 6.7.1, puede haber una falla de aserción y un bloqueo porque un subvolumen se puede leer demasiado pronto después de que se inserta su elemento raíz durante la creación del subvolumen. • https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51043 – kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c
https://notcve.org/view.php?id=CVE-2023-51043
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. En el kernel de Linux anterior a 6.4.5, drivers/gpu/drm/drm_atomic.c tiene un use-after-free durante una condición de ejecución entre un commit atómico sin bloqueo y una descarga del controlador. A flaw was found in the Linux kernel Direct Rendering Infrastructure (DRI) subsystem in which a use-after-free can be caused when a user triggers a race condition between a nonblocking atomic commit and a driver unload. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5 https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255 https://access.redhat.com/security/cve/CVE-2023-51043 https://bugzilla.redhat.com/show_bug.cgi?id=2260005 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51042 – kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
https://notcve.org/view.php?id=CVE-2023-51042
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. En el kernel de Linux anterior a 6.4.12, amdgpu_cs_wait_all_fences en drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c tiene una barrera de use-after-free. A use-after-free flaw was found in the Linux kernel's AMD GPU driver which may allow access to members of a synchronization structure after the structure is freed. This issue could allow a local user to crash the system or to access confidential system memory. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 https://access.redhat.com/security/cve/CVE-2023-51042 https://bugzilla.redhat.com/show_bug.cgi?id=2259866 • CWE-416: Use After Free •