CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 1CVE-2023-35828 – Ubuntu Security Notice USN-6283-1
https://notcve.org/view.php?id=CVE-2023-35828
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://github.com/Trinadh465/linux-4.19.72_CVE-2023-35828 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-35829 – Ubuntu Security Notice USN-6283-1
https://notcve.org/view.php?id=CVE-2023-35829
18 Jun 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2022-48502 – Ubuntu Security Notice USN-6300-1
https://notcve.org/view.php?id=CVE-2022-48502
31 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2898 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2023-2898
26 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 7%CPEs: 9EXPL: 0CVE-2023-32248 – Tree connection null pointer dereference denial-of-service vulnerability
https://notcve.org/view.php?id=CVE-2023-32248
17 May 2023 — It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. • https://access.redhat.com/security/cve/CVE-2023-32248 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48425 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2022-48425
19 Mar 2023 — In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not proper... • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3? • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 2CVE-2023-26607 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2023-26607
26 Feb 2023 — In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. • https://github.com/Trinadh465/linux-4.1.15_CVE-2023-26607 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-26544 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2023-26544
25 Feb 2023 — In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. • https://bugzilla.suse.com/show_bug.cgi?id=1208697 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4842 – Ubuntu Security Notice USN-6235-1
https://notcve.org/view.php?id=CVE-2022-4842
12 Jan 2023 — A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system. Se encontró una falla en la desreferencia del puntero NULL en la función del controlador NTFS3 del kernel de Linux attr_punch_hole(). Un usuario local podría utilizar esta falla para bloquear el sistema. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. • https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af%40paragon-software.com/T/#t • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2022-1973 – Ubuntu Security Notice USN-5599-1
https://notcve.org/view.php?id=CVE-2022-1973
21 Jul 2022 — A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. ... Se encontró un defecto de uso de memoria previamente liberada en el kernel de Linux en la función log_replay en el archivo fs/ntfs3/fslog.c en el diario NTFS. • https://bugzilla.redhat.com/show_bug.cgi?id=2092542 • CWE-416: Use After Free •