CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2612 – shiftfs lock unbalance in Ubuntu-specific kernels
https://notcve.org/view.php?id=CVE-2023-2612
30 May 2023 — Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in th... • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1786 – sensitive data exposure in cloud-init logs
https://notcve.org/view.php?id=CVE-2023-1786
26 Apr 2023 — Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. A vulnerability was found in cloud-init. With this flaw, exposure of sensitive data is possible in world-readable cloud-init logs. This flaw allows an attacker to use this information to find hashed passwords and possibly escalate their privilege. • https://bugs.launchpad.net/cloud-init/+bug/2013967 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 5CVE-2023-1326 – local privilege escalation in apport-cli
https://notcve.org/view.php?id=CVE-2023-1326
13 Apr 2023 — A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulne... • https://github.com/diego-tella/CVE-2023-1326-PoC • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2023-1380 – Ubuntu Security Notice USN-6162-1
https://notcve.org/view.php?id=CVE-2023-1380
27 Mar 2023 — A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It wa... • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
24 Jan 2023 — A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discov... • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-3328 – snap-confine must_mkdir_and_open_with_perms() Race Condition
https://notcve.org/view.php?id=CVE-2022-3328
01 Dec 2022 — Race condition in snap-confine's must_mkdir_and_open_with_perms() Condición de ejecución en must_mkdir_and_open_with_perms() de snap-confine The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing the private /tmp mount for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code. • https://packetstorm.news/files/id/170176 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 4CVE-2022-2602 – Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2602
18 Oct 2022 — io_uring UAF, Unix SCM garbage collection io_uring UAF, recolección de basura Unix SCM This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the io_uring API. The issue results from the improper management of a reference count. An attacker can leverage this vulnerability to escalate privileg... • https://packetstorm.news/files/id/176533 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617 – Gentoo Linux Security Advisory 202405-08
https://notcve.org/view.php?id=CVE-2022-40617
04 Oct 2022 — strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento d... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 3CVE-2022-41222 – kernel: mm/mremap.c use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2022-41222
21 Sep 2022 — mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. El archivo mm/mremap.c en el kernel de Linux versiones anteriores a 5.13.3, presenta un uso de memoria previamente liberada por medio de un TLB obsoleto porque un bloqueo rmap no es mantenido durante un movimiento PUD A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code in how a race condition happens between rmap walk a... • https://packetstorm.news/files/id/168466 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2585 – kernel: posix cpu timer use-after-free may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2022-2585
11 Aug 2022 — It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Se descubrió que al ejecutar desde un subproceso no líder, los temporizadores de CPU POSIX armados se dejaban en una lista pero se liberaban, lo que generaba un use-after-free. A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This f... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 • CWE-416: Use After Free •