Page 6 of 238 results (0.007 seconds)

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition

https://notcve.org/view.php?id=CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230601-0004 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1989 https://bugzilla.redhat • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2023-1838 – kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()

https://notcve.org/view.php?id=CVE-2023-1838

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem. • https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T https://security.netapp.com/advisory/ntap-20230517-0003 https://access.redhat.com/security/cve/CVE-2023-1838 https://bugzilla.redhat.com/show_bug.cgi?id=2087568 https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-28464 – Kernel: double free in hci_conn_cleanup of the bluetooth subsystem

https://notcve.org/view.php?id=CVE-2023-28464

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. A double-free vulnerability was found in the hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux Kernel. This issue may cause a denial of service or privilege escalation. • https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com https://security.netapp.com/advisory/ntap-20230517-0004 https://www.openwall.com/lists/oss-security/2023/03/28/2 https://www.openwall.com/lists/oss-security/2023/03/28/3 https://access.redhat.com/security/cve/CVE-2023-28464 https://bugzilla.redhat.com/show_bug.cgi?id=2177759 • CWE-415: Double Free •

CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0

CVE-2023-1380

https://notcve.org/view.php?id=CVE-2023-1380

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. • http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2177883 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang%40yonsei.ac.kr/T/#u https://security.netapp.com& • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 27EXPL: 0

CVE-2023-1077

https://notcve.org/view.php?id=CVE-2023-1077

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230511-0002 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •