CVE-2023-6606

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Mitigation To mitigate this issue, prevent module cifs from being loaded. Please see...

CVE-2023-3611

An out-of-bounds memory write flaw was found in qfqchangeagg in net/sched/schqfq.c in the Traffic Control QoS subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this issue is to skip loading the...

CVE-2023-2248

An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control QoS subsystem in how a user triggers the qfqchangeclass function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on t...

CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in the virtio network subcomponent in the Linux kernel due to a double fget. This issue could allow a local attacker to crash the system, and could lead to a kernel information leak problem. Mitigation This flaw can be...

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

CVE-2023-1382

A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. Mitigation This flaw can be mitigated by preventing the...

CVE-2022-41858

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Mitigation This flaw can be mitigated by...

CVE-2022-0286

A NULL pointer dereference flaw was found in the Linux kernel’s bonding driver in the way a user bonds non existing or fake device. This flaw allows a local user to crash the system, causing a denial of service. Mitigation To mitigate this issue, prevent the module bonding from being loaded. Plea...

CVE-2021-30002

A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers videousercopy function. The highest threat from this vulnerability is to system availability. Mitigation To mitigate this issue, prevent the module v4l2-common from being loaded...

CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if "unbind" the driver. Mitigation To mitigate this issue, prevent the module...

CVE-2020-25643

A flaw was found in the HDLCPPP module of the Linux kernel. Memory corruption and a read overflow is caused by improper input validation in the pppcpparsecr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

CVE-2019-19076

A flaw was found in the way the NFP4000/NFP6000 Advanced buffer management NIC driver in the Linux kernel handled memory release on error handling. This flaw allows an attacker to cause a denial of service and crash the system. Mitigation To mitigate this issue, prevent module nfp from being...