CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-39198 – Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
https://notcve.org/view.php?id=CVE-2023-39198
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Se encontró una condición de ejecución en el controlador QXL del kernel de Linux. La función qxl_mode_dumb_create() desreferencia el qobj devuelto por qxl_gem_object_create_with_handle(), pero el identificador es el único que contiene una referencia a él. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-39198 https://bugzilla.redhat.com/show_bug.cgi?id=2218332 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5090 – Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
https://notcve.org/view.php?id=CVE-2023-5090
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Se encontró una falla en KVM. Una verificación incorrecta en svm_set_x2apic_msr_interception() puede permitir el acceso directo al host x2apic msrs cuando el invitado restablece su apic, lo que podría provocar una condición de denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3855 https://access.redhat.com/errata/RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4352 https://access.redhat.com/security/cve/CVE-2023-5090 https://bugzilla.redhat.com/show_bug.cgi?id=2248122 https://access.redhat.com/errata/RHSA-2024:2758 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-31026
https://notcve.org/view.php?id=CVE-2023-31026
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. NVIDIA vGPU Software para Windows y Linux contiene una vulnerabilidad en Virtual GPU Manager (plugin vGPU), donde una desreferencia de puntero NULL puede provocar una denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-31022
https://notcve.org/view.php?id=CVE-2023-31022
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. NVIDIA GPU Display Driver para Windows y Linux contiene una vulnerabilidad en la capa del modo kernel, donde una desreferencia del puntero NULL puede provocar una denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-31021
https://notcve.org/view.php?id=CVE-2023-31021
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. NVIDIA vGPU Software para Windows y Linux contiene una vulnerabilidad en Virtual GPU Manager (plugin vGPU), donde un usuario malintencionado en la VM invitada puede provocar una desreferencia del puntero NULL, lo que puede provocar una denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/5491 • CWE-476: NULL Pointer Dereference •