CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6200 – Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-6200
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. Se encontró una condición de ejecución en el kernel de Linux. Bajo ciertas condiciones, un atacante no autenticado de una red adyacente podría enviar un paquete de publicidad de enrutador ICMPv6, provocando la ejecución de código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-6200 https://bugzilla.redhat.com/show_bug.cgi?id=2250377 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23307 – Integer overflow in raid5_cache_count in Linux kernel
https://notcve.org/view.php?id=CVE-2024-23307
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. Desbordamiento de enteros o vulnerabilidad Wraparound en el kernel de Linux en Linux, x86, ARM (módulos md, raid, raid5) permite el desbordamiento de enteros forzado. • https://bugzilla.openanolis.cn/show_bug.cgi?id=7975 https://access.redhat.com/security/cve/CVE-2024-23307 https://bugzilla.redhat.com/show_bug.cgi?id=2267705 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23848 – kernel: use-after-free in cec_queue_msg_fh
https://notcve.org/view.php?id=CVE-2024-23848
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. En el kernel de Linux hasta 6.7.1, hay un use-after-free en cec_queue_msg_fh, relacionado con drivers/media/cec/core/cec-adap.c y drivers/media/cec/core/cec-api.c. A vulnerability was found in the Linux kernel. A use-after-free exists in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. • https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl https://access.redhat.com/security/cve/CVE-2024-23848 https://bugzilla.redhat.com/show_bug.cgi?id=2260038 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51043 – kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c
https://notcve.org/view.php?id=CVE-2023-51043
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. En el kernel de Linux anterior a 6.4.5, drivers/gpu/drm/drm_atomic.c tiene un use-after-free durante una condición de ejecución entre un commit atómico sin bloqueo y una descarga del controlador. A flaw was found in the Linux kernel Direct Rendering Infrastructure (DRI) subsystem in which a use-after-free can be caused when a user triggers a race condition between a nonblocking atomic commit and a driver unload. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.5 https://github.com/torvalds/linux/commit/4e076c73e4f6e90816b30fcd4a0d7ab365087255 https://access.redhat.com/security/cve/CVE-2023-51043 https://bugzilla.redhat.com/show_bug.cgi?id=2260005 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23849
https://notcve.org/view.php?id=CVE-2024-23849
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. En rds_recv_track_latency en net/rds/af_rds.c en el kernel de Linux hasta 6.7.1, hay un error uno por uno para una comparación RDS_MSG_RX_DGRAM_TRACE_MAX, lo que resulta en un acceso fuera de los límites. • https://bugzilla.suse.com/show_bug.cgi?id=1219127 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LB • CWE-193: Off-by-one Error •