CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2023-31436 – Linux Kernel Net Scheduler Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-31436
28 Apr 2023 — qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system. This vulnerability allows local attackers to escalate priv... • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0458 – Spectre V1 Gadget in do_prlimit in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0458
26 Apr 2023 — A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is cont... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2023-2269 – kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
https://notcve.org/view.php?id=CVE-2023-2269
25 Apr 2023 — A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Gwangun Jung discovered that the Quick Fa... • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html • CWE-413: Improper Resource Locking CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31082
https://notcve.org/view.php?id=CVE-2023-31082
24 Apr 2023 — An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability. • https://bugzilla.suse.com/show_bug.cgi?id=1210781 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31083 – kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl
https://notcve.org/view.php?id=CVE-2023-31083
24 Apr 2023 — An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. A NULL pointer dereference flaw was found in the Linux kernel’s Bluetooth HCI UART driver. • https://bugzilla.suse.com/show_bug.cgi?id=1210780 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-31084 – kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
https://notcve.org/view.php?id=CVE-2023-31084
24 Apr 2023 — An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31085 – Ubuntu Security Notice USN-6503-1
https://notcve.org/view.php?id=CVE-2023-31085
24 Apr 2023 — An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did no... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=017c73a34a661a861712f7cc1393a123e5b2208c • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31081
https://notcve.org/view.php?id=CVE-2023-31081
24 Apr 2023 — An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). • https://bugzilla.suse.com/show_bug.cgi?id=1210782 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-2194 – kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
https://notcve.org/view.php?id=CVE-2023-2194
20 Apr 2023 — An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not l... • https://bugzilla.redhat.com/show_bug.cgi?id=2188396 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2176 – kernel: Slab-out-of-bound read in compare_netdev_and_ip
https://notcve.org/view.php?id=CVE-2023-2176
20 Apr 2023 — A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux kernel. An improper cleanup results in an out-of-boundary read. This flaw allows a local user to crash or escalate privileges on the system. • https://security.netapp.com/advisory/ntap-20230609-0005 • CWE-125: Out-of-bounds Read •