CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38428
https://notcve.org/view.php?id=CVE-2023-38428
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38430 – Ubuntu Security Notice USN-6466-1
https://notcve.org/view.php?id=CVE-2023-38430
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition exist... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38431 – Ubuntu Security Notice USN-6466-1
https://notcve.org/view.php?id=CVE-2023-38431
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use thi... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38432 – Ubuntu Security Notice USN-6466-1
https://notcve.org/view.php?id=CVE-2023-38432
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 3CVE-2023-35001 – Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-35001
05 Jul 2023 — Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Vulnerabilidad de Lectura/Escritura en nftables Fuera de los Límites del kernel de Linux; nft_byteorder administra incorrectamente los contenidos de registro de VM cuando CAP_NET_ADMIN está en cualquier espacio de nombres de usuario o red An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byte... • https://github.com/synacktiv/CVE-2023-35001 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2023-3390 – Use-after-free in Linux kernel's netfilter subsystem
https://notcve.org/view.php?id=CVE-2023-3390
28 Jun 2023 — A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. Se encontró una vulnerabilidad de use-after-free en el subsistema netfilt... • https://github.com/flygonty/CVE-2023-3390_PoC • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1295 – Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-1295
28 Jun 2023 — A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3212 – kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
https://notcve.org/view.php?id=CVE-2023-3212
23 Jun 2023 — A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structu... • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0CVE-2023-2911 – Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0
https://notcve.org/view.php?id=CVE-2023-2911
21 Jun 2023 — If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `st... • http://www.openwall.com/lists/oss-security/2023/06/21/6 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-2829 – Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
https://notcve.org/view.php?id=CVE-2023-2829
21 Jun 2023 — A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec... • https://kb.isc.org/docs/cve-2023-2829 •