CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1670
https://notcve.org/view.php?id=CVE-2023-1670
30 Mar 2023 — A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28328 – kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
https://notcve.org/view.php?id=CVE-2023-28328
29 Mar 2023 — A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177389 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1652 – Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c
https://notcve.org/view.php?id=CVE-2023-1652
29 Mar 2023 — A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. • https://access.redhat.com/security/cve/cve-2023-1652 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1032
https://notcve.org/view.php?id=CVE-2023-1032
28 Mar 2023 — The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. La operación io_uring IORING_OP_SOCKET del kernel de Linux contenía una función de double free __sys_socket_file() en el archivo net/socket.c. Este problema se introdujo en da214a475f8bd1d3e9e7a19ddfeb4d1617551bab y se solucionó en 649c15c7691e9b13cbe9bf6c... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4744 – kernel: tun: avoid double free in tun_free_netdev
https://notcve.org/view.php?id=CVE-2022-4744
27 Mar 2023 — A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html • CWE-415: Double Free CWE-460: Improper Cleanup on Thrown Exception CWE-824: Access of Uninitialized Pointer •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3923 – kernel: stack information leak in infiniband RDMA
https://notcve.org/view.php?id=CVE-2021-3923
27 Mar 2023 — A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. • https://bugzilla.redhat.com/show_bug.cgi?id=2019643 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 27EXPL: 0CVE-2023-1077
https://notcve.org/view.php?id=CVE-2023-1077
27 Mar 2023 — In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1637 – kernel: save/restore speculative MSRs during S3 suspend/resume
https://notcve.org/view.php?id=CVE-2023-1637
27 Mar 2023 — A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a lo... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28866 – kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c
https://notcve.org/view.php?id=CVE-2023-28866
27 Mar 2023 — In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. An out-of-bounds (OOB) memory access flaw was found in net/bluetooth/hci_sync.c due to a missing exit patch while in loop in amp_init1[] and amp_init2[]. This issue could allow an attacker to leak internal kernel information. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1078
https://notcve.org/view.php?id=CVE-2023-1078
27 Mar 2023 — A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. • http://www.openwall.com/lists/oss-security/2023/11/05/1 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •