Lucene search

H410s Security Vulnerabilities

cve

CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

6.7CVSS

6.4AI Score

0.0004EPSS

2020-04-08 02:15 PM

183

cve

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

7.8CVSS

8AI Score

0.095EPSS

2022-03-03 07:15 PM

471

cve

CVE-2022-25636

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

7.8CVSS

7.4AI Score

0.0004EPSS

2022-02-24 03:15 PM

392

cve

CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.

7.1CVSS

7AI Score

0.001EPSS

2023-05-31 08:15 PM

cve

CVE-2023-1295

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622...

7.8CVSS

6.5AI Score

0.0004EPSS

2023-06-28 12:15 PM

cve

CVE-2023-1838

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

7.1CVSS

6.4AI Score

0.0004EPSS

2023-04-05 07:15 PM

cve

CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

7CVSS

6.9AI Score

0.0004EPSS

2023-04-11 09:15 PM

106

cve

CVE-2023-28466

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

7CVSS

6.9AI Score

0.0004EPSS

2023-03-16 12:15 AM

114

cve

CVE-2023-32247

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-s...

7.5CVSS

7.1AI Score

0.004EPSS

2023-07-24 04:15 PM

cve

CVE-2023-32248

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage th...

7.5CVSS

7.5AI Score

0.003EPSS

2023-07-24 04:15 PM

cve

CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...

9CVSS

7.7AI Score

0.002EPSS

2023-07-10 04:15 PM

cve

CVE-2023-32254

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabil...

9.8CVSS

7.7AI Score

0.002EPSS

2023-07-10 04:15 PM

cve

CVE-2023-32257

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage t...

8.1CVSS

7.7AI Score

0.004EPSS

2023-07-24 04:15 PM

cve

CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vuln...

8.1CVSS

8.5AI Score

0.002EPSS

2023-07-24 04:15 PM

cve

CVE-2023-3390

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local at...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-06-28 09:15 PM

280

cve

CVE-2023-35001

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

7.8CVSS

8AI Score

0.0005EPSS

2023-07-05 07:15 PM

303

cve

CVE-2023-35826

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.

7CVSS

6.5AI Score

0.0004EPSS

2023-06-18 10:15 PM

cve

CVE-2023-35828

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.

7CVSS

7.1AI Score

0.0004EPSS

2023-06-18 10:15 PM

cve

CVE-2023-35829

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

7CVSS

6.8AI Score

0.0004EPSS

2023-06-18 10:15 PM

cve

CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.

9.1CVSS

8.7AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.

9.8CVSS

8.8AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-38428

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.

9.1CVSS

8.8AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

9.1CVSS

8.8AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

9.1CVSS

8.8AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-38432

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.

9.1CVSS

8.7AI Score

0.001EPSS

2023-07-18 12:15 AM

cve

CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

7.8CVSS

7.6AI Score

0.001EPSS

2023-07-31 05:15 PM

332