CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3108 – Kernel: a race condition in crypto module in the function skcipher_recvmsg
https://notcve.org/view.php?id=CVE-2023-3108
11 Jul 2023 — A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system. • https://access.redhat.com/security/cve/CVE-2023-3108 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37453 – kernel: usb: out-of-bounds read in read_descriptors
https://notcve.org/view.php?id=CVE-2023-37453
06 Jul 2023 — An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. An out-of-bounds read issue was found in the USB subsystem in the Linux kernel. This flaw allows a malicious user to crash the system, resulting in a denial of service condition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e4c574225cc5a0553115e5eb5787d1474db5b0f • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2023-37454
https://notcve.org/view.php?id=CVE-2023-37454
06 Jul 2023 — An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-37454 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 3CVE-2023-35001 – Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-35001
05 Jul 2023 — Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Vulnerabilidad de Lectura/Escritura en nftables Fuera de los Límites del kernel de Linux; nft_byteorder administra incorrectamente los contenidos de registro de VM cuando CAP_NET_ADMIN está en cualquier espacio de nombres de usuario o red An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byte... • https://github.com/synacktiv/CVE-2023-35001 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-2430
https://notcve.org/view.php?id=CVE-2023-2430
30 Jun 2023 — A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e12d7a46f65ae4b7d58a5e0c1cbfa825cf8 • CWE-413: Improper Resource Locking CWE-667: Improper Locking •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 2CVE-2023-3338 – Crash due to a null pointer dereference in the dn_nsp_send function
https://notcve.org/view.php?id=CVE-2023-3338
30 Jun 2023 — A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. • https://github.com/TurtleARM/CVE-2023-3338-DECPwn • CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1206 – kernel: hash collisions in the IPv6 connection lookup table
https://notcve.org/view.php?id=CVE-2023-1206
30 Jun 2023 — A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2023-3390 – Use-after-free in Linux kernel's netfilter subsystem
https://notcve.org/view.php?id=CVE-2023-3390
28 Jun 2023 — A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. Se encontró una vulnerabilidad de use-after-free en el subsistema netfilt... • https://github.com/flygonty/CVE-2023-3390_PoC • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-3090 – Out-of-bounds write in Linux kernel's ipvlan network driver
https://notcve.org/view.php?id=CVE-2023-3090
28 Jun 2023 — A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. Una vulnerabilidad de escritura fuera de los límites de la memoria en el controlador de red ipvlan del kernel de Linux se puede explotar p... • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3439
https://notcve.org/view.php?id=CVE-2023-3439
28 Jun 2023 — A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service. • http://www.openwall.com/lists/oss-security/2023/07/02/1 • CWE-416: Use After Free •