CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 2CVE-2023-6531 – Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
https://notcve.org/view.php?id=CVE-2023-6531
02 Jan 2024 — A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Se encontró una falla de use-after-free en el kernel de Linux debido a un problema de ejecución en la eliminación de ejecución de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB está en cola. It was discovered that a race condition existed in the ATM ... • https://packetstorm.news/files/id/176533 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 35EXPL: 0CVE-2023-51779 – kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
https://notcve.org/view.php?id=CVE-2023-51779
25 Dec 2023 — bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. bt_sock_recvmsg en net/bluetooth/af_bluetooth.c en el kernel de Linux hasta 6.6.8 tiene un use-after-free debido a una condición de ejecución bt_sock_ioctl. A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer ("skb"). This fla... • https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-6546 – Kernel: gsm multiplexing race condition leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-6546
21 Dec 2023 — A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre c... • https://github.com/harithlab/CVE-2023-6546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6679 – Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://notcve.org/view.php?id=CVE-2023-6679
11 Dec 2023 — A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en dpll_pin_parent_pin_set() en drivers/dpll/dpll_netlink.c en el subsistema Digital Phase Locked Loop (DPLL) en el kernel de Linux. Este problema podría aprovecharse para provocar una denegación de servi... • https://access.redhat.com/errata/RHSA-2024:0439 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6622 – Kernel: null pointer dereference vulnerability in nft_dynset_init()
https://notcve.org/view.php?id=CVE-2023-6622
08 Dec 2023 — A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en nft_dynset_init() en net/netfilter/nft_dynset.c en nf_tables en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios de usuario CAP_NET_ADMIN active una denegación de serv... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2023-6610 – Kernel: oob access in smb2_dump_detail
https://notcve.org/view.php?id=CVE-2023-6610
08 Dec 2023 — An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Se encontró una vulnerabilidad de lectura fuera de los límites en smb2_dump_detail en fs/smb/client/smb2ops.c en el kernel de Linux. Este problema podría permitir que un atacante local bloquee el sistema o filtre información interna del kernel. It was discovered that the CIFS network file system impl... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2023-6606 – Kernel: out-of-bounds read vulnerability in smbcalcsize
https://notcve.org/view.php?id=CVE-2023-6606
08 Dec 2023 — An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Se encontró una vulnerabilidad de lectura fuera de los límites en smbCalcSize en fs/smb/client/netmisc.c en el kernel de Linux. Este problema podría permitir que un atacante local bloquee el sistema o filtre información interna del kernel. It was discovered that the CIFS network file system implementation... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6176 – Kernel: local dos vulnerability in scatterwalk_copychunks
https://notcve.org/view.php?id=CVE-2023-6176
16 Nov 2023 — A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Se encontró una falla de desreferencia de puntero nulo en la API del kernel de Linux para la funcionalidad de dispersión del algoritmo criptográfico. Este problema ocurre cuando un usuario constru... • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
09 Nov 2023 — A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_cr... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5090 – Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
https://notcve.org/view.php?id=CVE-2023-5090
06 Nov 2023 — A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Se encontró una falla en KVM. Una verificación incorrecta en svm_set_x2apic_msr_interception() puede permitir el acceso directo al host x2apic msrs cuando el invitado restablece su apic, lo que podría provocar una condición de denegación de servicio. Maxim Levitsky discovered that the KVM nested virtu... • https://access.redhat.com/errata/RHSA-2024:3854 • CWE-755: Improper Handling of Exceptional Conditions •