CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32252 – Session null pointer dereference denial-of-service vulnerability
https://notcve.org/view.php?id=CVE-2023-32252
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32252 https://bugzilla.redhat.com/show_bug.cgi?id=2219815 https://security.netapp.com/advisory/ntap-20231124-0001 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2860 – Out-of-bounds read when setting hmac data
https://notcve.org/view.php?id=CVE-2023-2860
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-2860 https://bugzilla.redhat.com/show_bug.cgi?id=2218122 https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0459 – Copy_from_user Spectre-V1 Gadget in Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0459
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "access_ok" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking. • https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47 https://access.redhat.com/security/cve/CVE-2023-0459 https://bugzilla.redhat.com/show_bug.cgi?id=2216383 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-2124 – kernel: OOB access in the Linux kernel's XFS subsystem
https://notcve.org/view.php?id=CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230622-0010 https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-2124 https&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 5CVE-2023-32233 – kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
https://notcve.org/view.php?id=CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. • https://github.com/oferchen/POC-CVE-2023-32233 https://github.com/PIDAN-HEIDASHUAI/CVE-2023-32233 https://github.com/Liuk3r/CVE-2023-32233 https://github.com/RogelioPumajulca/TEST-CVE-2023-32233 https://github.com/void0red/CVE-2023-32233 http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://www.openwall.com/lists/oss-security/2023/05/15/5 https://bugzilla.redhat.com/show_bug.cgi?id=2196105 https://git.kernel.org/cgit/linux/k • CWE-416: Use After Free •