CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-4569 – Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
https://notcve.org/view.php?id=CVE-2023-4569
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. • https://access.redhat.com/security/cve/CVE-2023-4569 https://bugzilla.redhat.com/show_bug.cgi?id=2235470 https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de https://www.debian.org/security/2023/dsa-5492 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4459 – Kernel: vmxnet3: null pointer dereference in vmxnet3_rq_cleanup()
https://notcve.org/view.php?id=CVE-2023-4459
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. • https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:2006 https://access.redhat.com/errata/RHSA-2024:2008 https://access.redhat.com/security/cve/CVE-2023-4459 https://bugzilla.redhat.com/show_bug.cgi?id=2219268 https://github.com/torvalds/ • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4394 – Memory leak in btrfs_get_dev_args_from_path()
https://notcve.org/view.php?id=CVE-2023-4394
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information • https://access.redhat.com/security/cve/CVE-2023-4394 https://bugzilla.redhat.com/show_bug.cgi?id=2219263 https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4385 – Kernel: jfs: null pointer dereference in dbfree()
https://notcve.org/view.php?id=CVE-2023-4385
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. Se ha encontrado un fallo de desviación de puntero NULL en dbFree en fs/jfs/jfs_dmap.c en el sistema de archivos de registro diario (JFS) en el Kernel de Linux. Este problema puede permitir a un atacante local bloquear el sistema debido a la falta de una comprobación de sanidad. • https://access.redhat.com/security/cve/CVE-2023-4385 https://bugzilla.redhat.com/show_bug.cgi?id=2219272 https://github.com/torvalds/linux/commit/0d4837fdb796f99369cf7691d33de1b856bcaf1f • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htm • CWE-416: Use After Free •