CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0597 – kernel: x86/mm: Randomize per-cpu entry area
https://notcve.org/view.php?id=CVE-2023-0597
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. A possible unauthorized memory access flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. This issue could allow a local user to gain access to some important data with expected location in memory. • http://www.openwall.com/lists/oss-security/2023/07/28/1 https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 https://access.redhat.com/security/cve/CVE-2023-0597 https://bugzilla.redhat.com/show_bug.cgi?id=2165926 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23039
https://notcve.org/view.php?id=CVE-2023-23039
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). • https://lkml.org/lkml/2023/1/1/169 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26242
https://notcve.org/view.php?id=CVE-2023-26242
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. • https://bugzilla.suse.com/show_bug.cgi?id=1208518 https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com https://security.netapp.com/advisory/ntap-20230406-0002 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-3424
https://notcve.org/view.php?id=CVE-2022-3424
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2132640 https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230406-0005 https://www.spinics.net/lists/kernel/msg4518970.html • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0590 – kernel: use-after-free due to race condition in qdisc_graft()
https://notcve.org/view.php?id=CVE-2023-0590
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com https://access.redhat.com/security/cve/CVE-2023-0590 https://bugzilla.redhat.com/show_bug.cgi?id=2165741 • CWE-416: Use After Free •