Page 417 of 2243 results (0.030 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-2019 – Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2023-2019

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the scheduling of events. • https://bugzilla.redhat.com/show_bug.cgi?id=2189137 https://github.com/torvalds/linux/commit/180a6a3ee60a https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811 • CWE-911: Improper Update of Reference Count •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-2006 – Linux Kernel RxRPC Race Condition Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-2006

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of RxRPC bundles. • https://bugzilla.redhat.com/show_bug.cgi?id=2189112 https://github.com/torvalds/linux/commit/3bcd6c7eaa53 https://security.netapp.com/advisory/ntap-20230609-0004 https://www.zerodayinitiative.com/advisories/ZDI-23-439 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2023-1829 – Use-after-free in tcindex (traffic control index filter) in the Linux Kernel

https://notcve.org/view.php?id=CVE-2023-1829

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. • https://github.com/lanleft/CVE-2023-1829 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28 https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230601-0001 https://access.redhat.com/security/cve/CVE-2023-1829 https://bugzilla.redhat.com/show_bug. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-1990

https://notcve.org/view.php?id=CVE-2023-1990

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230312160837.2040857-1-zyytlz.wz%40163.com • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition

https://notcve.org/view.php?id=CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230601-0004 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1989 https://bugzilla.redhat • CWE-416: Use After Free •