CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22999
https://notcve.org/view.php?id=CVE-2023-22999
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3 https://github.com/torvalds/linux/commit/b52fe2dbb3e655eb1483000adfab68a219549e13 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1CVE-2023-26607
https://notcve.org/view.php?id=CVE-2023-26607
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. • https://bugzilla.suse.com/show_bug.cgi?id=1208703 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36a4d82dddbbd421d2b8e79e1cab68c8126d5075 https://lkml.org/lkml/2023/2/21/1353 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-26545 – kernel: mpls: double free on sysctl allocation failure
https://notcve.org/view.php?id=CVE-2023-26545
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230316-0009 https://access.redhat.com/security/cve/CVE-2023-26545 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 3CVE-2023-0045 – Incorrect indirect branch prediction barrier in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 • https://github.com/ASkyeye/CVE-2023-0045 https://github.com/es0j/CVE-2023-0045 https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230714-0001 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23039
https://notcve.org/view.php?id=CVE-2023-23039
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). • https://lkml.org/lkml/2023/1/1/169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •