CVE-2023-28327 – kernel: denial of service problem in net/unix/diag.c
https://notcve.org/view.php?id=CVE-2023-28327
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177382 https://access.redhat.com/security/cve/CVE-2023-28327 • CWE-476: NULL Pointer Dereference •
CVE-2023-2166 – kernel: NULL pointer dereference in can_rcv_filter
https://notcve.org/view.php?id=CVE-2023-2166
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. A NULL pointer dereference issue was found in the can protocol in net/can/af_can.c in the Linux kernel, where ml_priv may not be initialized in the receive path of CAN frames. This flaw allows a local user to crash the system or cause a denial of service. • https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w%40mail.gmail.com https://access.redhat.com/security/cve/CVE-2023-2166 https://bugzilla.redhat.com/show_bug.cgi?id=2187813 • CWE-476: NULL Pointer Dereference •
CVE-2023-1382 – kernel: denial of service in tipc_conn_close
https://notcve.org/view.php?id=CVE-2023-1382
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. • https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin%40gmail.com/T/#u https://access.redhat.com/security/cve/CVE-2023-1382 https://bugzilla.redhat.com/show_bug.cgi?id=2177371 • CWE-476: NULL Pointer Dereference •
CVE-2023-2162 – kernel: UAF during login when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-2162
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.spinics.net/lists/linux-scsi/msg181542.html https://access.redhat.com/security/cve/CVE-2023-2162 https://bugzilla.redhat.com/show_bug.cgi?id=2187773 • CWE-416: Use After Free •
CVE-2023-30772
https://notcve.org/view.php?id=CVE-2023-30772
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. • https://bugzilla.suse.com/show_bug.cgi?id=1210329 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37 https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html • CWE-416: Use After Free •