Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from f2fs explicitly terminating the xattr list with null when setting xattr...

SUSE CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

PT-2023-8385 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: An out-of-bounds memory read flaw was found in the receive encrypted standard function in the SMB Client sub-component of the Linux Kernel. This issue occurs due to integer underflow o...

PT-2023-18005 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible arbitrary code execution due to a use after free in the PMRChangeSparseMemOSMem function of physmem osmem linux.c. This could lead to local escalatio...

kernel: Linux kernel: Memory leak in RDMA/irdma subsystem leads to Denial of Service

A flaw was found in the Linux kernel's RDMA/irdma subsystem. When the irdma module is unloaded, certain memory objects PBLEs are not properly released, leading to a memory leak. A local attacker could repeatedly trigger this condition, causing system memory to be exhausted and resulting in a Deni...

CVE-2023-5158

A flaw was found in vringhkiovadvance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor...

PT-2023-9200 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the f2fs read multi pages function. When f2fs decompress cluster is called and a cached page is hit in compress inode's cache,...

PT-2023-1007 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a memory access check in the wrong place in multiple functions of mem protect.c, which could lead to local escalation of privilege with System execution...

VulnCheck KEV: CVE-2010-3904

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets RDS protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls...

Spectre V1 Gadget in do_prlimit in the Linux Kernel

...

PT-2023-2825 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a synchronization error in the rcu barrier function of the ksmbd module in the Linux kernel, which can be exploited to elevate privileges and execute arbitrary...

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

...

UBUNTU-CVE-2023-1990

A use-after-free flaw was found in ndlcremove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem...

UBUNTU-CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAPNETADMIN, it may not always be the case, e.g., a non-root user only having that...

Linux Kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from type obfuscation in initialization functions...

Use-after-free vulnerability in the Linux Kernel

...

PT-2023-35411 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.12 Description: The issue is related to the OF framebuffer device names not being unique. This could potentially lead to security vulnerabilities, although the actual impact and attack plausibility have not...

PT-2023-35393 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to the reception of corrupted snap trace, which may lead to a security vulnerability. The actual impact and attack plausibility have not yet been proven. Recommendations...

PT-2023-35381 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to the usb bulk msg function in the Linux Kernel's USB subsystem. It involves passing act len in the error path, which may have potential security implications. The actu...

UBUNTU-CVE-2023-1078

A flaw was found in the Linux Kernel in RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback uses listentry on the head of a list causing a type confusion. Local user can trigger this with rdsmessageput. Type confusion leads to struct rdsmsgzcopyinfo info actually points to something...