Lucene search

K

45 matches found

CVE
CVE
added 2024/01/08 6:15 p.m.3371 views

CVE-2022-2602

io_uring UAF, Unix SCM garbage collection

7CVSS6.9AI score0.00933EPSS
CVE
CVE
added 2024/01/31 1:15 p.m.405 views

CVE-2024-1086

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vul...

7.8CVSS8.1AI score0.84966EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.380 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

7.8CVSS7.7AI score0.03311EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.349 views

CVE-2022-2588

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

7.8CVSS7.5AI score0.7097EPSS
CVE
CVE
added 2024/01/15 8:15 p.m.285 views

CVE-2024-0565

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

7.4CVSS7.2AI score0.00066EPSS
CVE
CVE
added 2024/01/09 6:15 p.m.278 views

CVE-2024-0340

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to re...

5.5CVSS4.8AI score0.00006EPSS
CVE
CVE
added 2024/01/17 4:15 p.m.276 views

CVE-2024-0641

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

5.5CVSS4.9AI score0.00011EPSS
CVE
CVE
added 2024/01/17 4:15 p.m.265 views

CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8CVSS7.5AI score0.00017EPSS
CVE
CVE
added 2024/01/02 7:15 p.m.237 views

CVE-2023-7192

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

5.5CVSS5.5AI score0.00017EPSS
CVE
CVE
added 2024/01/04 5:15 p.m.233 views

CVE-2023-6270

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could le...

7CVSS7AI score0.00022EPSS
CVE
CVE
added 2024/01/02 6:15 p.m.222 views

CVE-2024-0193

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unpr...

7.8CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2024/01/21 10:15 a.m.202 views

CVE-2023-6531

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

7CVSS6.5AI score0.00017EPSS
CVE
CVE
added 2024/01/12 12:15 a.m.196 views

CVE-2024-0443

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This ...

5.5CVSS5AI score0.00014EPSS
CVE
CVE
added 2024/01/15 10:15 a.m.186 views

CVE-2023-6915

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

6.2CVSS6AI score0.00011EPSS
CVE
CVE
added 2024/01/18 4:15 p.m.181 views

CVE-2024-0607

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the dst array. On each iteration, 8 bytes are written, but dst is an array of u32, so each element only has space for 4 bytes. Tha...

6.6CVSS6.6AI score0.00017EPSS
CVE
CVE
added 2024/01/12 2:15 a.m.159 views

CVE-2023-6040

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within nf_tables_newtable function en...

7.8CVSS7.5AI score0.00012EPSS
CVE
CVE
added 2024/01/08 6:15 p.m.157 views

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

7.8CVSS7.3AI score0.00332EPSS
CVE
CVE
added 2024/01/28 12:15 p.m.153 views

CVE-2024-0841

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

7.8CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2024/01/05 5:15 p.m.146 views

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock.This happens when the close is being performed in parallel to an unrelatedXen console action and the handling of a Xen console interrupt in anunprivileged guest. The closing of an event channel is e.g. triggered by removal of ...

4.9CVSS6.5AI score0.00067EPSS
CVE
CVE
added 2024/01/08 7:15 p.m.142 views

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

7.8CVSS7.5AI score0.00164EPSS
CVE
CVE
added 2024/01/11 7:15 p.m.142 views

CVE-2023-51780

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

7CVSS6.9AI score0.00022EPSS
CVE
CVE
added 2024/01/23 9:15 a.m.142 views

CVE-2024-23849

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

5.5CVSS5.9AI score0.00016EPSS
CVE
CVE
added 2024/01/25 7:15 a.m.137 views

CVE-2024-23307

Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

7.8CVSS7.3AI score0.00091EPSS
CVE
CVE
added 2024/01/23 9:15 a.m.137 views

CVE-2024-23850

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.

5.5CVSS5.7AI score0.0001EPSS
CVE
CVE
added 2024/01/23 9:15 a.m.127 views

CVE-2024-23848

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

5.5CVSS5.2AI score0.0001EPSS
CVE
CVE
added 2024/01/15 7:15 p.m.126 views

CVE-2024-0562

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in ...

7.8CVSS7.4AI score0.0002EPSS
CVE
CVE
added 2024/01/23 9:15 a.m.125 views

CVE-2024-23851

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

5.5CVSS5.8AI score0.00024EPSS
CVE
CVE
added 2024/01/30 3:15 p.m.121 views

CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page shari...

6.5CVSS5.9AI score0.00022EPSS
CVE
CVE
added 2024/01/16 3:15 p.m.120 views

CVE-2024-0582

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8CVSS7.3AI score0.00439EPSS
CVE
CVE
added 2024/01/23 11:15 a.m.117 views

CVE-2023-51043

In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

7CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2024/01/25 7:15 a.m.117 views

CVE-2024-22099

NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.

6.3CVSS7.4AI score0.00037EPSS
CVE
CVE
added 2024/01/12 3:15 a.m.116 views

CVE-2022-48619

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

5.5CVSS5.7AI score0.00009EPSS
CVE
CVE
added 2024/01/31 1:15 p.m.113 views

CVE-2024-1085

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation befo...

7.8CVSS7.4AI score0.00021EPSS
CVE
CVE
added 2024/01/23 3:15 a.m.106 views

CVE-2023-39197

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.

7.5CVSS6.9AI score0.00039EPSS
CVE
CVE
added 2024/01/17 4:15 p.m.100 views

CVE-2024-0639

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

5.5CVSS5.6AI score0.00007EPSS
CVE
CVE
added 2024/01/29 11:15 a.m.88 views

CVE-2023-46838

Transmit requests in Xen's virtual network protocol can consist ofmultiple parts. While not really useful, except for the initial partany of them may be of zero length, i.e. carry no data at all. Besides acertain initial portion of the to be transferred data, these parts aredirectly translated into...

7.5CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2024/01/11 7:15 p.m.86 views

CVE-2023-51782

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

7CVSS6.8AI score0.00019EPSS
CVE
CVE
added 2024/01/23 11:15 a.m.85 views

CVE-2023-51042

In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.

7.8CVSS7.1AI score0.00018EPSS
CVE
CVE
added 2024/01/22 1:15 p.m.84 views

CVE-2024-0775

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

7.1CVSS6.4AI score0.0001EPSS
CVE
CVE
added 2024/01/11 7:15 p.m.82 views

CVE-2023-51781

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2024/01/23 11:15 a.m.79 views

CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

7.8CVSS7.2AI score0.00018EPSS
CVE
CVE
added 2024/01/23 10:15 a.m.76 views

CVE-2023-46343

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.

5.5CVSS5.5AI score0.00009EPSS
CVE
CVE
added 2024/01/30 8:15 a.m.71 views

CVE-2024-21803

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: f...

7.8CVSS7.5AI score0.00037EPSS
CVE
CVE
added 2024/01/08 7:15 p.m.69 views

CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2024/01/28 1:15 p.m.54 views

CVE-2023-6200

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

7.5CVSS7.8AI score0.00772EPSS