CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 5CVE-2023-32233 – kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
https://notcve.org/view.php?id=CVE-2023-32233
08 May 2023 — In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and write... • https://github.com/oferchen/POC-CVE-2023-32233 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1859 – Ubuntu Security Notice USN-6072-1
https://notcve.org/view.php?id=CVE-2023-1859
05 May 2023 — A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service ... • https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz%40163.com • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32269 – Ubuntu Security Notice USN-6133-1
https://notcve.org/view.php?id=CVE-2023-32269
05 May 2023 — An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker co... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.11 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 29%CPEs: 8EXPL: 0CVE-2023-2156 – Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-2156
04 May 2023 — A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability... • http://www.openwall.com/lists/oss-security/2023/05/17/8 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2235 – Use-after-free in Linux kernel's Performance Events subsystem
https://notcve.org/view.php?id=CVE-2023-2235
01 May 2023 — A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-2236 – Use-after-free in Linux kernel's Performance Events subsystem
https://notcve.org/view.php?id=CVE-2023-2236
01 May 2023 — A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4. A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2023-31436 – Linux Kernel Net Scheduler Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-31436
28 Apr 2023 — qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system. This vulnerability allows local attackers to escalate priv... • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0458 – Spectre V1 Gadget in do_prlimit in the Linux Kernel
https://notcve.org/view.php?id=CVE-2023-0458
26 Apr 2023 — A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is cont... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8&id2=v6.1.7 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2023-2269 – kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
https://notcve.org/view.php?id=CVE-2023-2269
25 Apr 2023 — A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Gwangun Jung discovered that the Quick Fa... • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html • CWE-413: Improper Resource Locking CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31082
https://notcve.org/view.php?id=CVE-2023-31082
24 Apr 2023 — An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability. • https://bugzilla.suse.com/show_bug.cgi?id=1210781 • CWE-763: Release of Invalid Pointer or Reference •