CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
23 Mar 2023 — A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TC... • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-1281 – UAF in Linux kernel's tcindex (traffic control index filter) implementation
https://notcve.org/view.php?id=CVE-2023-1281
22 Mar 2023 — Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. A use-after-free vulnerability was found in the ... • http://www.openwall.com/lists/oss-security/2023/04/11/3 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 13CVE-2023-0386 – kernel: FUSE filesystem low-privileged user privileges escalation
https://notcve.org/view.php?id=CVE-2023-0386
22 Mar 2023 — A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat ... • https://packetstorm.news/files/id/181886 • CWE-282: Improper Ownership Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48424 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2022-48424
19 Mar 2023 — In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48423 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2022-48423
19 Mar 2023 — In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48425 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2022-48425
19 Mar 2023 — In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not proper... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-28466 – kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
https://notcve.org/view.php?id=CVE-2023-28466
15 Mar 2023 — do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition. It was discovered that the Traffic-Control Index imp... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2023-0210 – Ubuntu Security Notice USN-6079-1
https://notcve.org/view.php?id=CVE-2023-0210
03 Mar 2023 — A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not prope... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3707 – kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
https://notcve.org/view.php?id=CVE-2022-3707
03 Mar 2023 — A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=2137979 • CWE-415: Double Free CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1118 – kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition
https://notcve.org/view.php?id=CVE-2023-1118
02 Mar 2023 — A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system. • https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17 • CWE-416: Use After Free •