CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50431
https://notcve.org/view.php?id=CVE-2023-50431
09 Dec 2023 — sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. sec_attest_info en drivers/accel/habanalabs/common/habanalabs_ioctl.c en el kernel de Linux hasta 6.6.5 permite una fuga de información al espacio del usuario porque info->pad0 no está inicializado. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a9f07790a4b2250f0140e9a61c7f842fd9b618c7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6560 – Kernel: io_uring out of boundary memory access in __io_uaddr_map()
https://notcve.org/view.php?id=CVE-2023-6560
08 Dec 2023 — An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. Se encontró una falla de acceso a memoria fuera de los límites en la funcionalidad de anillos io_uring SQ/CQ en el kernel de Linux. Este problema podría permitir que un usuario local bloquee el sistema. __io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region. • http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6622 – Kernel: null pointer dereference vulnerability in nft_dynset_init()
https://notcve.org/view.php?id=CVE-2023-6622
08 Dec 2023 — A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en nft_dynset_init() en net/netfilter/nft_dynset.c en nf_tables en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios de usuario CAP_NET_ADMIN active una denegación de serv... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
09 Nov 2023 — A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_cr... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6039 – Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect
https://notcve.org/view.php?id=CVE-2023-6039
09 Nov 2023 — A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Se encontró una falla de use-after-free en lan78xx_disconnect en drivers/net/usb/lan78xx.c en el subcomponente de red, net/usb/lan78xx en el kernel de Linux. Esta falla permite que un atacante local bloquee el sistema cuando el dispositivo USB LAN78XX se desconecta. • https://access.redhat.com/security/cve/CVE-2023-6039 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5090 – Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
https://notcve.org/view.php?id=CVE-2023-5090
06 Nov 2023 — A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Se encontró una falla en KVM. Una verificación incorrecta en svm_set_x2apic_msr_interception() puede permitir el acceso directo al host x2apic msrs cuando el invitado restablece su apic, lo que podría provocar una condición de denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:3854 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1194 – Use-after-free in parse_lease_state()
https://notcve.org/view.php?id=CVE-2023-1194
03 Nov 2023 — An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. Se encontró una falla de lectura de memoria Out-Of-Bounds (OOB) en parse_lease_state en la implementación KSMBD del servidor samba en el kernel... • https://access.redhat.com/security/cve/CVE-2023-1194 • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47233
https://notcve.org/view.php?id=CVE-2023-47233
03 Nov 2023 — The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un código brcmf_cfg80211_detach use after free en el códi... • https://bugzilla.suse.com/show_bug.cgi?id=1216702 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1193 – Use-after-free in setup_async_work()
https://notcve.org/view.php?id=CVE-2023-1193
01 Nov 2023 — A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. Se encontró una falla de use-after-free en setup_async_work en la implementación KSMBD del servidor samba en el kernel y CIFS en el kernel de Linux. Este problema podría permitir que un atacante bloquee el sistema al acceder al trabajo liberado. • https://access.redhat.com/security/cve/CVE-2023-1193 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1192 – Use-after-free in smb2_is_status_io_timeout()
https://notcve.org/view.php?id=CVE-2023-1192
01 Nov 2023 — A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. Se encontró una falla de use-after-free en smb2_is_status_io_timeout() en CIFS en el kernel de Linux. Después de que CIFS transfiere datos de respuesta a una llamada al sistema, ... • https://access.redhat.com/security/cve/CVE-2023-1192 • CWE-416: Use After Free •