Filtered by vendor Linux
Subscribe
Total
6322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45898 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.8 HIGH |
| The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. | |||||
| CVE-2023-3640 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 7.8 HIGH |
| A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. | |||||
| CVE-2023-3355 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. | |||||
| CVE-2023-3338 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Active Iq Unified Manager | 2023-11-07 | N/A | 6.5 MEDIUM |
| A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. | |||||
| CVE-2023-3317 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem. | |||||
| CVE-2023-3312 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | |||||
| CVE-2023-3269 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 7.8 HIGH |
| A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. | |||||
| CVE-2023-3268 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-11-07 | N/A | 7.1 HIGH |
| An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | |||||
| CVE-2023-3141 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Hci Baseboard Management Controller | 2023-11-07 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | |||||
| CVE-2023-3111 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2023-11-07 | N/A | 7.8 HIGH |
| A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | |||||
| CVE-2023-35824 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-11-07 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | |||||
| CVE-2023-35823 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-11-07 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | |||||
| CVE-2023-33288 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 4.7 MEDIUM |
| An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. | |||||
| CVE-2023-2860 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 4.4 MEDIUM |
| An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. | |||||
| CVE-2023-2513 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 6.7 MEDIUM |
| A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | |||||
| CVE-2023-2166 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | |||||
| CVE-2023-28866 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.3 MEDIUM |
| In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. | |||||
| CVE-2023-28772 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 6.7 MEDIUM |
| An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | |||||
| CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2023-11-07 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
| CVE-2023-27874 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-11-07 | N/A | 8.8 HIGH |
| IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | |||||