CVE-2023-0240 – Use after free in io_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0240
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93 https://github.com/gregkh/linux/commit/1e6fa5216a0e59ef02e8b6b40d553238a3b81d49 https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 • CWE-416: Use After Free •
CVE-2023-0469
https://notcve.org/view.php?id=CVE-2023-0469
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. Se encontró una falla de use-after-free en io_uring/filetable.c en io_install_fixed_file en el subcomponente io_uring en el kernel de Linux durante la limpieza de llamadas. Este defecto puede dar lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2163723 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-416: Use After Free •
CVE-2023-0468
https://notcve.org/view.php?id=CVE-2023-0468
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Se encontró una falla de use-after-free en io_uring/poll.c en io_poll_check_events en el subcomponente io_uring en el kernel de Linux debido a una condición de ejecución de poll_refs. Este defecto puede provocar una desreferencia del puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2164024 • CWE-416: Use After Free •
CVE-2023-0394 – kernel: NULL pointer dereference in rawv6_push_pending_frames
https://notcve.org/view.php?id=CVE-2023-0394
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230302-0005 https://access.redhat.com/security/cve/CVE-2023-0394 https://bugzilla.redhat.com/show_bug.cgi?id=2162120 • CWE-476: NULL Pointer Dereference •
CVE-2022-41858 – kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
https://notcve.org/view.php?id=CVE-2022-41858
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. • https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 https://security.netapp.com/advisory/ntap-20230223-0006 https://access.redhat.com/security/cve/CVE-2022-41858 https://bugzilla.redhat.com/show_bug.cgi?id=2144379 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •