9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.4%
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue (BZ#2230094)
kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c (CVE-2023-0458)
kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
kernel: hid: Use After Free in asus_remove() (CVE-2023-1079)
kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)
kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race (CVE-2023-3567)
kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() (CVE-2023-3772)
kernel: smsusb: use-after-free caused by do_submit_urb() (CVE-2023-4132)
kernel: A heap out-of-bounds write (CVE-2023-5717)
kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion (CVE-2023-23455)
kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (CVE-2023-28328)
kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() (CVE-2023-33203)
kernel: saa7134: race condition leading to use-after-free in saa7134_finidev() (CVE-2023-35823)
kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c() (CVE-2023-35824)
kernel: r592: race condition leading to use-after-free in r592_remove() (CVE-2023-35825)
kernel: SEV-ES local priv escalation (CVE-2023-46813)
kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)
kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
kernel: Use after free bug in r592_remove (CVE-2023-3141)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.4%