CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4389 – Kernel: btrfs: double free in btrfs_get_root_ref()
https://notcve.org/view.php?id=CVE-2023-4389
16 Aug 2023 — A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. Se encontró una falla en btrfs_get_root_ref en fs/btrfs/disk-io.c en el sistema de archivos btrfs en el Kernel de Linux debido a un doble decremento del conteo de referencias. Este problema puede permitir a un atacante local con... • https://access.redhat.com/security/cve/CVE-2023-4389 • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4387 – Kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf()
https://notcve.org/view.php?id=CVE-2023-4387
16 Aug 2023 — A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Se encontró una falla de use-after-free en vmxnet3_rq_alloc_rx_buf en drivers/net/vmxnet3/vmxnet3_drv.c en el controlador NIC Ethernet vmxnet3 de VMware en el kernel de Lin... • https://access.redhat.com/security/cve/CVE-2023-4387 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4385 – Kernel: jfs: null pointer dereference in dbfree()
https://notcve.org/view.php?id=CVE-2023-4385
16 Aug 2023 — A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. Se ha encontrado un fallo de desviación de puntero NULL en dbFree en fs/jfs/jfs_dmap.c en el sistema de archivos de registro diario (JFS) en el Kernel de Linux. Este problema puede permitir a un atacante local bloquear el sistema debido a la falta de una comprobación de sanidad. • https://access.redhat.com/security/cve/CVE-2023-4385 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
14 Aug 2023 — An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 1CVE-2023-4273 – Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
https://notcve.org/view.php?id=CVE-2023-4273
09 Aug 2023 — A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Se ha encontrado un fallo en el controlador exFAT del núcleo de Linu... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4194 – Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
https://notcve.org/view.php?id=CVE-2023-4194
07 Aug 2023 — A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that t... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-4147 – Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
https://notcve.org/view.php?id=CVE-2023-4147
07 Aug 2023 — A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema. • https://github.com/murdok1982/Exploit-en-Python-para-CVE-2023-4147 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 55EXPL: 0CVE-2023-20811
https://notcve.org/view.php?id=CVE-2023-20811
07 Aug 2023 — In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 55EXPL: 0CVE-2023-20810
https://notcve.org/view.php?id=CVE-2023-20810
07 Aug 2023 — In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. • https://corp.mediatek.com/product-security-bulletin/August-2023 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-4132 – Kernel: smsusb: use-after-free caused by do_submit_urb()
https://notcve.org/view.php?id=CVE-2023-4132
03 Aug 2023 — A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. • https://access.redhat.com/errata/RHSA-2023:6901 • CWE-416: Use After Free •