CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21803 – Possible UAF in bt_accept_poll in Linux kernel
https://notcve.org/view.php?id=CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. Vulnerabilidad de Use After Free en El kernel de Linux en Linux, x86, ARM (módulos bluetooth) permite la ejecución local de código. Esta vulnerabilidad está asociada con archivos de programa https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. Este problema afecta al kernel de Linux: desde v2.6.12-rc2 antes de v6.8-rc1. • https://bugzilla.openanolis.cn/show_bug.cgi?id=8081 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22099 – NULL pointer deference in rfcomm_check_security in Linux kernel
https://notcve.org/view.php?id=CVE-2024-22099
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. Vulnerabilidad de desreferencia de puntero NULL en el kernel de Linux en Linux, x86, ARM (módulos de red, bluetooth) permite desbordamiento de búferes. Esta vulnerabilidad está asociada con los archivos de programa /net/bluetooth/rfcomm/core.C. Este problema afecta al kernel de Linux: v2.6.12-rc2. • https://bugzilla.openanolis.cn/show_bug.cgi?id=7956 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23307 – Integer overflow in raid5_cache_count in Linux kernel
https://notcve.org/view.php?id=CVE-2024-23307
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. Desbordamiento de enteros o vulnerabilidad Wraparound en el kernel de Linux en Linux, x86, ARM (módulos md, raid, raid5) permite el desbordamiento de enteros forzado. • https://bugzilla.openanolis.cn/show_bug.cgi?id=7975 https://access.redhat.com/security/cve/CVE-2024-23307 https://bugzilla.redhat.com/show_bug.cgi?id=2267705 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23848 – kernel: use-after-free in cec_queue_msg_fh
https://notcve.org/view.php?id=CVE-2024-23848
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. En el kernel de Linux hasta 6.7.1, hay un use-after-free en cec_queue_msg_fh, relacionado con drivers/media/cec/core/cec-adap.c y drivers/media/cec/core/cec-api.c. A vulnerability was found in the Linux kernel. A use-after-free exists in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. • https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl https://access.redhat.com/security/cve/CVE-2024-23848 https://bugzilla.redhat.com/show_bug.cgi?id=2260038 • CWE-416: Use After Free •