Page 218 of 2589 results (0.012 seconds)

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-3141 – kernel: Use after free bug in r592_remove

https://notcve.org/view.php?id=CVE-2023-3141

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t https://security.netapp.com/advisory/ntap-20230706-0004 https://access.redhat.com • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2023-3111

https://notcve.org/view.php?id=CVE-2023-3111

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6%40gmail.com https://security.netapp.com/advisory/ntap-20230703-0007 https://www.debian.org/security/2023/dsa-5480 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-2985

https://notcve.org/view.php?id=CVE-2023-2985

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-34256

https://notcve.org/view.php?id=CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectura fuera de límites en crc16 en "lib/crc16.c" cuando se llama dese "fs/ext4/super.c" porque "ext4_group_desc_csum" no comprueba correctamente un desplazamiento. • https://bugzilla.suse.com/show_bug.cgi?id=1211895 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f04351888a83e595571de672e0a4a8b74f4fb31 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321 • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2023-2002 – Kernel: bluetooth: Unauthorized management command execution

https://notcve.org/view.php?id=CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. • https://github.com/lrh2000/CVE-2023-2002 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240202-0004 https://www.debian.org/security/2023/dsa-5480 https://www.openwall.com/lists/oss-security/2023/04/16/3 https://access.redhat.com/security/cve/CVE-2023-2002 https://bugzilla.redhat.com/show_bug.cgi?id=2187308 • CWE-250: Execution with Unnecessary Privileges CWE-863: Incorrect Authorization •