CVE-2023-26607
https://notcve.org/view.php?id=CVE-2023-26607
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. • https://bugzilla.suse.com/show_bug.cgi?id=1208703 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36a4d82dddbbd421d2b8e79e1cab68c8126d5075 https://lkml.org/lkml/2023/2/21/1353 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-125: Out-of-bounds Read •
CVE-2023-26606
https://notcve.org/view.php?id=CVE-2023-26606
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa https://lkml.org/lkml/2023/2/20/860 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-416: Use After Free •
CVE-2023-26605
https://notcve.org/view.php?id=CVE-2023-26605
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e3c51f4e805291b057d12f5dda5aeb50a538dc4 https://lkml.org/lkml/2023/2/22/3 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-416: Use After Free •
CVE-2023-26544
https://notcve.org/view.php?id=CVE-2023-26544
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. • https://bugzilla.suse.com/show_bug.cgi?id=1208697 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=887bfc546097fbe8071dac13b2fef73b77920899 https://lkml.org/lkml/2023/2/20/128 https://security.netapp.com/advisory/ntap-20230316-0010 • CWE-416: Use After Free •
CVE-2023-26545 – kernel: mpls: double free on sysctl allocation failure
https://notcve.org/view.php?id=CVE-2023-26545
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230316-0009 https://access.redhat.com/security/cve/CVE-2023-26545 • CWE-415: Double Free •