Page 5 of 238 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-32252 – Session null pointer dereference denial-of-service vulnerability

https://notcve.org/view.php?id=CVE-2023-32252

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. • https://access.redhat.com/security/cve/CVE-2023-32252 https://bugzilla.redhat.com/show_bug.cgi?id=2219815 https://security.netapp.com/advisory/ntap-20231124-0001 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1

CVE-2023-2124 – kernel: OOB access in the Linux kernel's XFS subsystem

https://notcve.org/view.php?id=CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230622-0010 https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-2124 https&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-2269 – kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos

https://notcve.org/view.php?id=CVE-2023-2269

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBLBKW2WM5YSTS6OGEU5SYHXSJ5EWSTV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXHBLWYNSUBS77TYPOJTADPDXKBH2F4U https://lore.kernel.org/lkml • CWE-413: Improper Resource Locking CWE-667: Improper Locking •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-31084 – kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

https://notcve.org/view.php?id=CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W https://lore.kernel.org/all/CA •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2023-2007

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DPT I2O Controller driver. • https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0011 https://www.debian.org/security/2023/dsa-5480 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-667: Improper Locking •