
CVSS: 6.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

06 Nov 2023 — A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2APIC MSRs when the guest resets its APIC, potentially leading to a denial of service condition. • https://access.redhat.com/errata/RHSA-2024:3854 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 8.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

03 Nov 2023 — An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. • https://access.redhat.com/security/cve/CVE-2023-1194 • CWE-125: Out-of-bounds Read • CWE-416: Use After Free

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Nov 2023 — The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. • https://bugzilla.suse.com/show_bug.cgi?id=1216702 • CWE-416: Use After Free

CVSS: 6.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

01 Nov 2023 — A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. • https://access.redhat.com/security/cve/CVE-2023-1193 • CWE-416: Use After Free

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Nov 2023 — A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux kernel. After CIFS transfers response data to a system call, there are still local variables pointing to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-1192 • CWE-416: Use After Free

CVSS: 9.8 • EPSS: 5% • CPEs: 12 • EXPL: 1

01 Nov 2023 — A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. • https://github.com/rockrid3r/CVE-2023-5178 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Oct 2023 — An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. A null pointer dereference flaw was found in the Linux kernel's io_uring functionality. • https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 • CWE-476: NULL Pointer Dereference

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2023 — An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. • https://github.com/Freax13/cve-2023-46813-poc • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 1

25 Oct 2023 — A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. • https://github.com/uthrasri/CVE-2023-5717 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

23 Oct 2023 — The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. • https://access.redhat.com/errata/RHSA-2024:0113 • CWE-416: Use After Free