CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1990
https://notcve.org/view.php?id=CVE-2023-1990
12 Apr 2023 — A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition
https://notcve.org/view.php?id=CVE-2023-1989
11 Apr 2023 — A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-30456 – kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
https://notcve.org/view.php?id=CVE-2023-30456
10 Apr 2023 — An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service. • http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
05 Apr 2023 — A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo qu... • https://access.redhat.com/errata/RHSA-2023:1659 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1582 – kernel: Soft lockup occurred during __page_mapcount
https://notcve.org/view.php?id=CVE-2023-1582
05 Apr 2023 — A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. • https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0%40kroah.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2023-1855 – kernel: use-after-free bug in remove function xgene_hwmon_remove
https://notcve.org/view.php?id=CVE-2023-1855
05 Apr 2023 — A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due ... • https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-1611
https://notcve.org/view.php?id=CVE-2023-1611
03 Apr 2023 — A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea • https://bugzilla.redhat.com/show_bug.cgi?id=2181342 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1670
https://notcve.org/view.php?id=CVE-2023-1670
30 Mar 2023 — A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28328 – kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
https://notcve.org/view.php?id=CVE-2023-28328
29 Mar 2023 — A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177389 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 27EXPL: 0CVE-2023-1077
https://notcve.org/view.php?id=CVE-2023-1077
27 Mar 2023 — In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •