CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48423
https://notcve.org/view.php?id=CVE-2022-48423
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54e45702b648b7c0000e90b3e9b890e367e16ea8 https://security.netapp.com/advisory/ntap-20230505-0003 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-1390 – kernel: remote DoS in TIPC kernel module
https://notcve.org/view.php?id=CVE-2023-1390
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. • https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5 https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6 https://infosec.exchange/%40_mattata/109427999461122360 https://security.netapp.com/advisory/ntap-20230420-0001 https://access.redhat.com/security/cve/CVE-2023-1390 https://bugzilla.redhat.com/show_bug.cgi?id=2178212 • CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0030
https://notcve.org/view.php?id=CVE-2023-0030
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2157270 https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10 https://security.netapp.com/advisory/ntap-20230413-0010 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3707 – kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
https://notcve.org/view.php?id=CVE-2022-3707
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2137979 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com https://access.redhat.com/security/cve/CVE-2022-3707 • CWE-415: Double Free CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1118 – kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition
https://notcve.org/view.php?id=CVE-2023-1118
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system. • https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230413-0003 https://access.redhat.com/security/cve/CVE-2023-1118 https://bugzilla.redhat.com/show_bug.cgi?id=2174400 • CWE-416: Use After Free •