CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2019 – Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-2019
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the scheduling of events. • https://bugzilla.redhat.com/show_bug.cgi?id=2189137 https://github.com/torvalds/linux/commit/180a6a3ee60a https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811 • CWE-911: Improper Update of Reference Count •
CVSS: 8.2EPSS: 0%CPEs: 16EXPL: 0CVE-2023-1668 – openvswitch: ip proto 0 triggers incorrect handling
https://notcve.org/view.php?id=CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. • https://bugzilla.redhat.com/show_bug.cgi?id=2137666 https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2023/dsa-5387 https://www.openwall.com/lists/oss-security/2023/04/06/1 https://access.redhat.com/security/cve/CVE-2023-1668 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1476 – Kpatch: mm/mremap.c: incomplete fix for cve-2022-41222
https://notcve.org/view.php?id=CVE-2023-1476
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el código fuente de contabilidad del espacio de direcciones de memoria mm/mremap del kernel de Linux. Este problema ocurre debido a una condición de ejecución entre rmap walk y mremap, lo que permite a un usuario local bloquear el sistema o potencialmente aumentar sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2023:1659 https://access.redhat.com/security/cve/CVE-2023-1476 https://bugzilla.redhat.com/show_bug.cgi?id=2176035 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc
https://notcve.org/view.php?id=CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0198
https://notcve.org/view.php?id=CVE-2023-0198
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •