Page 469 of 4955 results (0.033 seconds)

CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-2513 – kernel: ext4: use-after-free in ext4_xattr_set_entry()

https://notcve.org/view.php?id=CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors. • https://bugzilla.redhat.com/show_bug.cgi?id=2193097 https://github.com/torvalds/linux/commit/67d7d8ad99be https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1%40huawei.com https://access.redhat.com/security/cve/CVE-2023-2513 • CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-1859

https://notcve.org/view.php?id=CVE-2023-1859

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. • https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz%40163.com • CWE-416: Use After Free •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-32269

https://notcve.org/view.php?id=CVE-2023-32269

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.11 https://github.com/torvalds/linux/commit/611792920925fb088ddccbe2783c7f92fdfb6b64 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0

CVE-2023-2156 – Linux Kernel IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2023-2156

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the RPL protocol. • http://www.openwall.com/lists/oss-security/2023/05/17/8 http://www.openwall.com/lists/oss-security/2023/05/17/9 http://www.openwall.com/lists/oss-security/2023/05/18/1 http://www.openwall.com/lists/oss-security/2023/05/19/1 https://bugzilla.redhat.com/show_bug.cgi?id=2196292 https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html https://security.netapp.com/advisory/ntap-20230622-0001 https://www.debian.org/security/2023/dsa-5448 https:// • CWE-617: Reachable Assertion •

CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-31436 – Linux Kernel Net Scheduler Out-Of-Bounds Access Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system. This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the MTU value provided to the QFQ Scheduler. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13 https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html https://security • CWE-787: Out-of-bounds Write •