CVE-2023-3159
https://notcve.org/view.php?id=CVE-2023-3159
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. • https://github.com/torvalds/linux/commit/b7c81f80246fac44077166f3e07103affe6db8ff • CWE-416: Use After Free •
CVE-2023-3161 – kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
https://notcve.org/view.php?id=CVE-2023-3161
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2213485 https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be https://access.redhat.com/security/cve/CVE-2023-3161 • CWE-682: Incorrect Calculation CWE-1335: Incorrect Bitwise Shift of Integer •
CVE-2023-3141 – kernel: Use after free bug in r592_remove
https://notcve.org/view.php?id=CVE-2023-3141
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t https://security.netapp.com/advisory/ntap-20230706-0004 https://access.redhat.com • CWE-416: Use After Free •
CVE-2023-3111
https://notcve.org/view.php?id=CVE-2023-3111
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6%40gmail.com https://security.netapp.com/advisory/ntap-20230703-0007 https://www.debian.org/security/2023/dsa-5480 • CWE-416: Use After Free •
CVE-2023-2985
https://notcve.org/view.php?id=CVE-2023-2985
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32 • CWE-416: Use After Free •