CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-2162 – kernel: UAF during login when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-2162
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.spinics.net/lists/linux-scsi/msg181542.html https://access.redhat.com/security/cve/CVE-2023-2162 https://bugzilla.redhat.com/show_bug.cgi?id=2187773 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-2166 – kernel: NULL pointer dereference in can_rcv_filter
https://notcve.org/view.php?id=CVE-2023-2166
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. A NULL pointer dereference issue was found in the can protocol in net/can/af_can.c in the Linux kernel, where ml_priv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service. • https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com https://access.redhat.com/security/cve/CVE-2023-2166 https://bugzilla.redhat.com/show_bug.cgi?id=2187813 • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30772
https://notcve.org/view.php?id=CVE-2023-30772
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. • https://bugzilla.suse.com/show_bug.cgi?id=1210329 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37 https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 1CVE-2023-2008 – Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2008
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. • https://github.com/bluefrostsecurity/CVE-2023-2008 https://bugzilla.redhat.com/show_bug.cgi?id=2186862 https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4 https://security.netapp.com/advisory/ntap-20230517-0007 https://www.zerodayinitiative.com/advisories/ZDI-23-441 https://access.redhat.com/security/cve/CVE-2023-2008 • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-2007
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DPT I2O Controller driver. • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0011 https://www.debian.org/security/2023/dsa-5480 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •