CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo que permite a un usuario local bloquear el sistema o potencialmente aumentar sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2023:1659 https://access.redhat.com/security/cve/CVE-2023-1476 https://bugzilla.redhat.com/show_bug.cgi?id=2176035 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 • CWE-416: Use After Free •
CVE-2023-1582 – kernel: Soft lockup occurred during __page_mapcount
https://notcve.org/view.php?id=CVE-2023-1582
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. • https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0%40kroah.com https://access.redhat.com/security/cve/CVE-2023-1582 https://bugzilla.redhat.com/show_bug.cgi?id=2180936 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-1855 – kernel: use-after-free bug in remove function xgene_hwmon_remove
https://notcve.org/view.php?id=CVE-2023-1855
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. • https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net https://access.redhat.com/security/cve/CVE-2023-1855 https://bugzilla.redhat.com/show_bug.cgi?id=2184578 • CWE-416: Use After Free •
CVE-2023-1611
https://notcve.org/view.php?id=CVE-2023-1611
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea • https://bugzilla.redhat.com/show_bug.cgi?id=2181342 https://github.com/torvalds/linux/commit/2f1a6be12ab6c8470d5776e68644726c94257c54 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QCM6XO4HSPLGR3DFYWFRIA3GCBIHZR4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWECAZ7V7EPSXMINO6Q6KWNKDY2CO6ZW https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana%40sus • CWE-416: Use After Free •
CVE-2023-1670
https://notcve.org/view.php?id=CVE-2023-1670
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230526-0010 • CWE-416: Use After Free •