CVE-2023-1076 – kernel: tap: tap_open(): correctly initialize socket uid
https://notcve.org/view.php?id=CVE-2023-1076
The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://access.redhat.com/security/cve/CVE-2023-1076 https://bugzilla.redhat.com/show_bug.cgi?id=2173435 • CWE-791: Incomplete Filtering of Special Elements CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-1077
https://notcve.org/view.php?id=CVE-2023-1077
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230511-0002 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-21056
https://notcve.org/view.php?id=CVE-2023-21056
In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-0083 – The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access.
https://notcve.org/view.php?id=CVE-2023-0083
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-1235
https://notcve.org/view.php?id=CVE-2023-1235
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1404704 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •