CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32269
https://notcve.org/view.php?id=CVE-2023-32269
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.11 https://github.com/torvalds/linux/commit/611792920925fb088ddccbe2783c7f92fdfb6b64 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0458 – Spectre V1 Gadget in do_prlimit in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0458
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7 https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-0458 https://bugzilla.redhat.com/show_bug.cgi?id=2193219 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 2CVE-2023-1998 – Spectre v2 SMT mitigations problem in Linux kernel
https://notcve.org/view.php?id=CVE-2023-1998
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. • https://www.exploit-db.com/exploits/51384 https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-1998 https://bugzilla.redhat.com/show_bug.cgi?id=2187257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-1303: Non-Transparent Sharing of Microarchitectural Resources •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-2194 – kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-2194
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not limited to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. • https://bugzilla.redhat.com/show_bug.cgi?id=2188396 https://github.com/torvalds/linux/commit/92fbb6d1296f https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-2194 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2177 – Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common
https://notcve.org/view.php?id=CVE-2023-2177
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service. A NULL pointer dereference issue was found in the SCTP network protocol in net/sctp/stream_sched.c in the Linux kernel. If stream_in allocation fails, stream_out is freed, which would be accessed further. • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0 https://access.redhat.com/security/cve/CVE-2023-2177 https://bugzilla.redhat.com/show_bug.cgi?id=2187953 • CWE-476: NULL Pointer Dereference •