CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-23559 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2023-23559
13 Jan 2023 — In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. En rndis_query_oid en drivers/net/wireless/rndis_wlan.c en el kernel de Linux hasta 6.1.5, hay un desbordamiento de enteros en una suma. It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was disc... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23455 – Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
https://notcve.org/view.php?id=CVE-2023-23455
12 Jan 2023 — atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather th... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23454 – kernel: slab-out-of-bounds read vulnerabilities in cbq_classify
https://notcve.org/view.php?id=CVE-2023-23454
12 Jan 2023 — cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). An out-of-bounds (OOB) read problem was found in cbq_classify in net/sched/sch_cbq.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12 • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-4139 – kernel: i915: Incorrect GPU TLB flush can lead to random memory access
https://notcve.org/view.php?id=CVE-2022-4139
12 Jan 2023 — An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux... • https://bugzilla.redhat.com/show_bug.cgi?id=2147572 • CWE-281: Improper Preservation of Permissions CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4379 – kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack
https://notcve.org/view.php?id=CVE-2022-4379
10 Jan 2023 — A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-aft... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2196 – Speculative execution attacks in KVM VMX
https://notcve.org/view.php?id=CVE-2022-2196
09 Jan 2023 — A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3628 – kernel: USB-accessible buffer overflow in brcmfmac
https://notcve.org/view.php?id=CVE-2022-3628
15 Dec 2022 — A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. Se encontró una falla de desbordamiento del búfer en el controlador Wi-Fi Broadcom Full MAC del kernel de Linux. Este problema ocurre cuando un usuario se conecta a un dispositivo USB malicioso. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-45869 – kernel: KVM: x86/mmu: race condition in direct_page_fault()
https://notcve.org/view.php?id=CVE-2022-45869
30 Nov 2022 — A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. Una condición de carrera en el subsistema KVM x86 en el kernel de Linux hasta 6.1-rc6 permite a los usuarios del sistema operativo invitado provocar una denegación de servicio (caída del sistema operativo anfitrión o corrupción de la memoria del sistema operativo anfitrión) cuando ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2022-45919 – kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c
https://notcve.org/view.php?id=CVE-2022-45919
27 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.10. En drivers/media/dvb-core/dvb_ca_en50221.c, puede ocurrir un use-after-free si hay una desconexión después de una apertura, debido a la falta de un wait_event. A race condition flaw leading to a use-after-free issue was found in the... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-45886 – kernel: use-after-free due to race condition occurring in dvb_net.c
https://notcve.org/view.php?id=CVE-2022-45886
25 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_net.c tiene una condición de carrera .disconnect versus dvb_device_open que conduce a un use-after-free. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvb_net component of... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •