CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1078
https://notcve.org/view.php?id=CVE-2023-1078
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. • http://www.openwall.com/lists/oss-security/2023/11/05/1 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230505-0004 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3923 – kernel: stack information leak in infiniband RDMA
https://notcve.org/view.php?id=CVE-2021-3923
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. • https://bugzilla.redhat.com/show_bug.cgi?id=2019643 https://lore.kernel.org/all/20220204100036.GA12348%40kili https://access.redhat.com/security/cve/CVE-2021-3923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1195 – kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
https://notcve.org/view.php?id=CVE-2023-1195
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. • https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621 https://access.redhat.com/security/cve/CVE-2023-1195 https://bugzilla.redhat.com/show_bug.cgi?id=2154171 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36691
https://notcve.org/view.php?id=CVE-2020-36691
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 https://github.com/torvalds/linux/commit/7690aa1cdf7c4565ad6b013b324c28b685505e24 • CWE-674: Uncontrolled Recursion •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1513 – kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
https://notcve.org/view.php?id=CVE-2023-1513
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2179892 https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh%40linuxfoundation.org https://access.redhat.com/security/cve/CVE-2023-1513 • CWE-665: Improper Initialization •