CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6560 – Kernel: io_uring out of boundary memory access in __io_uaddr_map()
https://notcve.org/view.php?id=CVE-2023-6560
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. Se encontró una falla de acceso a memoria fuera de los límites en la funcionalidad de anillos io_uring SQ/CQ en el kernel de Linux. Este problema podría permitir que un usuario local bloquee el sistema. __io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region. • http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html https://access.redhat.com/security/cve/CVE-2023-6560 https://bugzilla.redhat.com/show_bug.cgi?id=2253249 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6622 – Kernel: null pointer dereference vulnerability in nft_dynset_init()
https://notcve.org/view.php?id=CVE-2023-6622
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en nft_dynset_init() en net/netfilter/nft_dynset.c en nf_tables en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios de usuario CAP_NET_ADMIN active una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6622 https://bugzilla.redhat.com/show_bug.cgi?id=2253632 https://github.com/torvalds/linux/commit/3701cd390fd731ee7ae8b8006246c8db82c72bea https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAOVK2F3ALGKYIQ5IOMAYEC2DGI7BWAW https://lists.fedoraproject.org/archives/list/package-announce& • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6039 – Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect
https://notcve.org/view.php?id=CVE-2023-6039
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Se encontró una falla de use-after-free en lan78xx_disconnect en drivers/net/usb/lan78xx.c en el subcomponente de red, net/usb/lan78xx en el kernel de Linux. Esta falla permite que un atacante local bloquee el sistema cuando el dispositivo USB LAN78XX se desconecta. • https://access.redhat.com/security/cve/CVE-2023-6039 https://bugzilla.redhat.com/show_bug.cgi?id=2248755 https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5090 – Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
https://notcve.org/view.php?id=CVE-2023-5090
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Se encontró una falla en KVM. Una verificación incorrecta en svm_set_x2apic_msr_interception() puede permitir el acceso directo al host x2apic msrs cuando el invitado restablece su apic, lo que podría provocar una condición de denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3855 https://access.redhat.com/errata/RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4352 https://access.redhat.com/security/cve/CVE-2023-5090 https://bugzilla.redhat.com/show_bug.cgi?id=2248122 https://access.redhat.com/errata/RHSA-2024:2758 • CWE-755: Improper Handling of Exceptional Conditions •