CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org https://access.redhat.com/security/cve/CVE-2023-1513 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1249 – kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code
https://notcve.org/view.php?id=CVE-2023-1249
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. • http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html https://patchwork.kernel.org/project/linux-fsdevel/patch/87iltzn3nd.fsf_-_%40email.froward.int.ebiederm.org https://access.redhat.com/security/cve/CVE-2023-1249 https://bugzilla.redhat.com/show_bug.cgi?id=2169719 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48425
https://notcve.org/view.php?id=CVE-2022-48425
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://security.netapp.com/advisory/ntap-20230413-0006 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48423
https://notcve.org/view.php?id=CVE-2022-48423
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e45702b648b7c0000e90b3e9b890e367e16ea8 https://security.netapp.com/advisory/ntap-20230505-0003 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0030
https://notcve.org/view.php?id=CVE-2023-0030
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2157270 https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10 https://security.netapp.com/advisory/ntap-20230413-0010 • CWE-416: Use After Free •