Page 357 of 4717 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-2019 – Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2023-2019

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the scheduling of events. • https://bugzilla.redhat.com/show_bug.cgi?id=2189137 https://github.com/torvalds/linux/commit/180a6a3ee60a https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811 • CWE-911: Improper Update of Reference Count •

CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 1

CVE-2023-2008 – Linux Kernel udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-2008

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. • https://github.com/bluefrostsecurity/CVE-2023-2008 https://bugzilla.redhat.com/show_bug.cgi?id=2186862 https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4 https://security.netapp.com/advisory/ntap-20230517-0007 https://www.zerodayinitiative.com/advisories/ZDI-23-441 https://access.redhat.com/security/cve/CVE-2023-2008 • CWE-129: Improper Validation of Array Index •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2023-1829 – Use-after-free in tcindex (traffic control index filter) in the Linux Kernel

https://notcve.org/view.php?id=CVE-2023-1829

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. • https://github.com/lanleft/CVE-2023-1829 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28 https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230601-0001 https://access.redhat.com/security/cve/CVE-2023-1829 https://bugzilla.redhat.com/show_bug. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-1990

https://notcve.org/view.php?id=CVE-2023-1990

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230312160837.2040857-1-zyytlz.wz%40163.com • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition

https://notcve.org/view.php?id=CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230601-0004 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1989 https://bugzilla.redhat • CWE-416: Use After Free •