CVE-2023-35823 – kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()
https://notcve.org/view.php?id=CVE-2023-35823
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. A race condition was found in the Linux kernel's saa7134 device driver. This occurs when removing the module before cleanup in the saa7134_finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t https://security.netapp • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-35829
https://notcve.org/view.php?id=CVE-2023-35829
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a%40xs4all.nl https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz%40163.com/T https://security.netapp.com/advisory/ntap-20230803-0002 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-35827
https://notcve.org/view.php?id=CVE-2023-35827
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. • https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T https://security.netapp.com/advisory/ntap-20230803-0003 https://www.spinics.net/lists/netdev/msg886947.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-35788 – kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
https://notcve.org/view.php?id=CVE-2023-35788
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Se descubrió un problema en fl_set_geneve_opt en net/sched/cls_flower.c en el kernel de Linux antes de 6.3.7. Permite una escritura fuera de los límites en el código flower classifier a través de paquetes TCA_FLOWER_KEY_ENC_OPTS_GENEVE. • http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html http://www.openwall.com/lists/oss-security/2023/06/17/1 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7 https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230714-0002 https://www.debian& • CWE-787: Out-of-bounds Write •
CVE-2023-3268 – kernel: out-of-bounds access in relay_file_read
https://notcve.org/view.php?id=CVE-2023-3268
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T https://security.netapp.com/advisory/ntap-20230824-0006 https://www.debian.org/security/ • CWE-125: Out-of-bounds Read •