Page 449 of 2260 results (0.019 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-0615

https://notcve.org/view.php?id=CVE-2023-0615

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. • https://bugzilla.redhat.com/show_bug.cgi?id=2166287 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 2

CVE-2023-25012

https://notcve.org/view.php?id=CVE-2023-25012

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. • http://www.openwall.com/lists/oss-security/2023/02/02/1 http://www.openwall.com/lists/oss-security/2023/11/05/1 https://bugzilla.suse.com/show_bug.cgi?id=1207560 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d2a2fd844ec7da70d19fabb482304fd1e0595b https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76ca8da989c7d97a7f76c75d475fe95a584439d7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9fefb6201c4f8dd9f58c581b2a66e5cde2 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3

CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan

https://notcve.org/view.php?id=CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC https://github.com/H4K6/CVE-2023-0179-PoC http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2161713 https://seclists.org/oss-sec/2023/q1/20 https://security.netapp.com/advisory/ntap-20230511-0003 https://access.redhat.com/security/cve/CVE-2023-0179 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-0266 – Linux Kernel Use-After-Free Vulnerability

https://notcve.org/view.php?id=CVE-2023-0266

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4 https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1 https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-0266 https://bugzilla.redhat.com/show_bug • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-0394 – kernel: NULL pointer dereference in rawv6_push_pending_frames

https://notcve.org/view.php?id=CVE-2023-0394

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230302-0005 https://access.redhat.com/security/cve/CVE-2023-0394 https://bugzilla.redhat.com/show_bug.cgi?id=2162120 • CWE-476: NULL Pointer Dereference •