CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1078
https://notcve.org/view.php?id=CVE-2023-1078
27 Mar 2023 — A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. • http://www.openwall.com/lists/oss-security/2023/11/05/1 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1079 – kernel: hid: Use After Free in asus_remove()
https://notcve.org/view.php?id=CVE-2023-1079
27 Mar 2023 — A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controll... • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2023-1380
https://notcve.org/view.php?id=CVE-2023-1380
27 Mar 2023 — A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1195 – kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
https://notcve.org/view.php?id=CVE-2023-1195
24 Mar 2023 — A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. • https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36691
https://notcve.org/view.php?id=CVE-2020-36691
24 Mar 2023 — An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 3CVE-2023-28772 – kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
https://notcve.org/view.php?id=CVE-2023-28772
23 Mar 2023 — An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. A buffer overflow write flaw was identified in seq_buf_putmem_hex in lib/seq_buf.c in seq_buf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check. • https://github.com/Trinadh465/linux-4.1.15_CVE-2023-28772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
23 Mar 2023 — A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-1281 – UAF in Linux kernel's tcindex (traffic control index filter) implementation
https://notcve.org/view.php?id=CVE-2023-1281
22 Mar 2023 — Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. A use-after-free vulnerability was found in the ... • http://www.openwall.com/lists/oss-security/2023/04/11/3 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 12CVE-2023-0386 – kernel: FUSE filesystem low-privileged user privileges escalation
https://notcve.org/view.php?id=CVE-2023-0386
22 Mar 2023 — A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. • https://github.com/sxlmnwb/CVE-2023-0386 • CWE-282: Improper Ownership Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1249 – kernel: missing mmap_lock in file_files_note that could possibly lead to a use after free in the coredump code
https://notcve.org/view.php?id=CVE-2023-1249
21 Mar 2023 — A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. • http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html • CWE-416: Use After Free •