CVE-2023-1670
https://notcve.org/view.php?id=CVE-2023-1670
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230526-0010 • CWE-416: Use After Free •
CVE-2023-1032
https://notcve.org/view.php?id=CVE-2023-1032
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. La operación io_uring IORING_OP_SOCKET del kernel de Linux contenía una función de double free __sys_socket_file() en el archivo net/socket.c. Este problema se introdujo en da214a475f8bd1d3e9e7a19ddfeb4d1617551bab y se solucionó en 649c15c7691e9b13cbe9bf6c65c365350e056067. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 https://ubuntu.com/security/notices/USN-5977-1 https://ubuntu.com/security/notices/USN-6024-1 https://ubuntu.com/security/notices/USN-6033-1 https://www.openwall.com/lists/oss-security/2023/03/13/2 • CWE-415: Double Free •
CVE-2023-1079 – kernel: hid: Use After Free in asus_remove()
https://notcve.org/view.php?id=CVE-2023-1079
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. A use-after-free flaw was found in asus_kbd_backlight_set in drivers/hid/hid-asus.c in the Linux Kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-1079 https://bugzilla.redhat.com/show_bug.cgi?id=2173444 • CWE-416: Use After Free •
CVE-2023-28866 – kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c
https://notcve.org/view.php?id=CVE-2023-28866
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. An out-of-bounds (OOB) memory access flaw was found in net/bluetooth/hci_sync.c due to a missing exit patch while in loop in amp_init1[] and amp_init2[]. This issue could allow an attacker to leak internal kernel information. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a https://lore.kernel.org/lkml/20230321015018.1759683-1-iam%40sung-woo.kim https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz%40gmail.com https://access.redhat.com/security/cve/CVE-2023-28866 https://bugzilla.redhat.com/show_bug.cgi?id=2185519 • CWE-125: Out-of-bounds Read •
CVE-2023-1380
https://notcve.org/view.php?id=CVE-2023-1380
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2177883 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u https://security.netapp.com& • CWE-125: Out-of-bounds Read •