CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-3640 – Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
https://notcve.org/view.php?id=CVE-2023-3640
24 Jul 2023 — A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could al... • https://github.com/pray77/CVE-2023-3640 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-3812 – Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
https://notcve.org/view.php?id=CVE-2023-3812
24 Jul 2023 — An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability. • https://access.redhat.com/errata/RHSA-2023:6799 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-3567 – Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
https://notcve.org/view.php?id=CVE-2023-3567
24 Jul 2023 — A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It w... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
https://notcve.org/view.php?id=CVE-2023-3269
06 Jul 2023 — A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerabilit... • https://github.com/lrh2000/StackRot • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25517
https://notcve.org/view.php?id=CVE-2023-25517
03 Jul 2023 — NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-285: Improper Authorization •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1206 – kernel: hash collisions in the IPv6 connection lookup table
https://notcve.org/view.php?id=CVE-2023-1206
30 Jun 2023 — A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3212 – kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
https://notcve.org/view.php?id=CVE-2023-3212
23 Jun 2023 — A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structu... • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-3161 – kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
https://notcve.org/view.php?id=CVE-2023-3161
12 Jun 2023 — A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading t... • https://bugzilla.redhat.com/show_bug.cgi?id=2213485 • CWE-682: Incorrect Calculation CWE-1335: Incorrect Bitwise Shift of Integer •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-33203 – kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()
https://notcve.org/view.php?id=CVE-2023-33203
18 May 2023 — The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. A race condition vulnerability was found in the Linux kernel's Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors. Patry... • https://bugzilla.redhat.com/show_bug.cgi?id=2192667 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33951 – Kernel: vmwgfx: race condition leading to information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-33951
17 May 2023 — A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •