CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6679 – Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://notcve.org/view.php?id=CVE-2023-6679
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en dpll_pin_parent_pin_set() en drivers/dpll/dpll_netlink.c en el subsistema Digital Phase Locked Loop (DPLL) en el kernel de Linux. Este problema podría aprovecharse para provocar una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0461 https://access.redhat.com/security/cve/CVE-2023-6679 https://bugzilla.redhat.com/show_bug.cgi?id=2253986 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5 https://lore.ke • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2023-5972 – Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c
https://notcve.org/view.php?id=CVE-2023-5972
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. Se encontró una falla de desreferencia de puntero nulo en la funcionalidad nft_inner.c de netfilter en el kernel de Linux. Este problema podría permitir que un usuario local bloquee el sistema o aumente sus privilegios en el sistema. • https://access.redhat.com/security/cve/CVE-2023-5972 https://bugzilla.redhat.com/show_bug.cgi?id=2248189 https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7 https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6238 – Kernel: nvme: memory corruption via unprivileged user passthrough
https://notcve.org/view.php?id=CVE-2023-6238
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. Se encontró una vulnerabilidad de desbordamiento del búfer en el controlador NVM Express (NVMe) en el kernel de Linux. Un usuario sin privilegios podría especificar un metabúfer pequeño y permitir que el dispositivo realice un Direct Memory Access (DMA) más grande en el mismo búfer, sobrescribiendo la memoria del kernel no relacionada, provocando fallas aleatorias del kernel y corrupción de la memoria. • https://access.redhat.com/security/cve/CVE-2023-6238 https://bugzilla.redhat.com/show_bug.cgi?id=2250834 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1194 – Use-after-free in parse_lease_state()
https://notcve.org/view.php?id=CVE-2023-1194
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. Se encontró una falla de lectura de memoria Out-Of-Bounds (OOB) en parse_lease_state en la implementación KSMBD del servidor samba en el kernel y CIFS en el kernel de Linux. Cuando un atacante envía el comando CREATE con un payload mal formada a KSMBD, debido a una verificación faltante de `NameOffset` en la función `parse_lease_state()`, el objeto `create_context` puede acceder a memoria no válida. • https://access.redhat.com/security/cve/CVE-2023-1194 https://bugzilla.redhat.com/show_bug.cgi?id=2154176 https://security.netapp.com/advisory/ntap-20231221-0006 https://www.spinics.net/lists/stable-commits/msg303065.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •