Design/Logic Flaw

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can lead unbinding the chain and objects be deactivate...

CVE-2023-4206

A use-after-free vulnerability in the Linux kernel's net/sched: clsroute component can be exploited to achieve local privilege escalation. When route4change is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a problem when...

CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...

CVE-2023-1872 Use-after-free in Linux kernel's io_uring subsystem

A use-after-free vulnerability in the Linux Kernel iouring system can be exploited to achieve local privilege escalation. The iofilegetfixed function lacks the presence of ctx-uringlock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We...

CVE-2020-8944 Unchecked buffer overrun in ecall_restore

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...