CVE-2023-1855 – kernel: use-after-free bug in remove function xgene_hwmon_remove
https://notcve.org/view.php?id=CVE-2023-1855
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. • https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230318122758.2140868-1-linux%40roeck-us.net https://access.redhat.com/security/cve/CVE-2023-1855 https://bugzilla.redhat.com/show_bug.cgi?id=2184578 • CWE-416: Use After Free •
CVE-2023-1838 – kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()
https://notcve.org/view.php?id=CVE-2023-1838
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem. • https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T https://security.netapp.com/advisory/ntap-20230517-0003 https://access.redhat.com/security/cve/CVE-2023-1838 https://bugzilla.redhat.com/show_bug.cgi?id=2087568 https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T • CWE-416: Use After Free •
CVE-2023-1611
https://notcve.org/view.php?id=CVE-2023-1611
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea • https://bugzilla.redhat.com/show_bug.cgi?id=2181342 https://github.com/torvalds/linux/commit/2f1a6be12ab6c8470d5776e68644726c94257c54 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QCM6XO4HSPLGR3DFYWFRIA3GCBIHZR4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWECAZ7V7EPSXMINO6Q6KWNKDY2CO6ZW https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana%40sus • CWE-416: Use After Free •
CVE-2023-1670
https://notcve.org/view.php?id=CVE-2023-1670
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230526-0010 • CWE-416: Use After Free •
CVE-2023-28328 – kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
https://notcve.org/view.php?id=CVE-2023-28328
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177389 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://access.redhat.com/security/cve/CVE-2023-28328 • CWE-476: NULL Pointer Dereference •