CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2023-0210
https://notcve.org/view.php?id=CVE-2023-0210
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=797805d81baa814f76cf7bdab35f86408a79d707 https://github.com/cifsd-team/ksmbd/commit/8824b7af409f51f1316e92e9887c2fd48c0b26d6 https://security.netapp.com/advisory/ntap-20230517-0002 https://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks https://www.openwall.com/lists/oss-security/2023/01/04/1 https://www.o • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1118 – kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition
https://notcve.org/view.php?id=CVE-2023-1118
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system. • https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230413-0003 https://access.redhat.com/security/cve/CVE-2023-1118 https://bugzilla.redhat.com/show_bug.cgi?id=2174400 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23005
https://notcve.org/view.php?id=CVE-2023-23005
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. • https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23004
https://notcve.org/view.php?id=CVE-2023-23004
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://github.com/torvalds/linux/commit/15342f930ebebcfe36f2415049736a77d7d2e045 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23000
https://notcve.org/view.php?id=CVE-2023-23000
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17 https://github.com/torvalds/linux/commit/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f https://security.netapp.com/advisory/ntap-20230331-0004 • CWE-476: NULL Pointer Dereference •