CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0590 – kernel: use-after-free due to race condition in qdisc_graft()
https://notcve.org/view.php?id=CVE-2023-0590
10 Feb 2023 — A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0615
https://notcve.org/view.php?id=CVE-2023-0615
06 Feb 2023 — A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. • https://bugzilla.redhat.com/show_bug.cgi?id=2166287 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2023-25012
https://notcve.org/view.php?id=CVE-2023-25012
01 Feb 2023 — The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. • http://www.openwall.com/lists/oss-security/2023/02/02/1 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 1CVE-2023-0468
https://notcve.org/view.php?id=CVE-2023-0468
25 Jan 2023 — A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Se encontró una falla de use-after-free en io_uring/poll.c en io_poll_check_events en el subcomponente io_uring en el kernel de Linux debido a una condición de ejecución de poll_refs. Este defecto puede provocar una desreferencia del puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2164024 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-0469
https://notcve.org/view.php?id=CVE-2023-0469
25 Jan 2023 — A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. Se encontró una falla de use-after-free en io_uring/filetable.c en io_install_fixed_file en el subcomponente io_uring en el kernel de Linux durante la limpieza de llamadas. Este defecto puede dar lugar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2163723 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
24 Jan 2023 — A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 1CVE-2023-0266 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-0266
24 Jan 2023 — A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal pri... • https://github.com/SeanHeelan/claude_opus_cve_2023_0266 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0394 – kernel: NULL pointer dereference in rawv6_push_pending_frames
https://notcve.org/view.php?id=CVE-2023-0394
24 Jan 2023 — A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47929 – kernel: NULL pointer dereference in traffic control subsystem
https://notcve.org/view.php?id=CVE-2022-47929
17 Jan 2023 — In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2022-41858 – kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
https://notcve.org/view.php?id=CVE-2022-41858
17 Jan 2023 — A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. • https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •