313 matches found
CVE-2023-3079
Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...
CVE-2023-0266
CVE-2023-0266 is a use-after-free in the Linux kernel’s ALSA PCM subsystem. The vulnerability arises because SNDRV_CTL_IOCTL_ELEM_READ32/WRITE32 paths lack proper locking, enabling a use‑after‑free that can lead to privilege escalation to ring0 from a system user. Affected material points to the ...
CVE-2023-32233
CVE-2023-32233 concerns a use-after-free in Netfilter nf_tables in the Linux kernel (through 6.3.1) when processing batch requests. Unprivileged local users can exploit this to perform arbitrary reads/writes in kernel memory, enabling local privilege escalation to root. The root cause is mishandl...
CVE-2023-42753
CVE-2023-42753 is a Linux kernel netfilter nftables/IPSET issue caused by a missing IP_SET_HASH_WITH_NET0 macro, leading to incorrect CIDR_POS calculations and potential slab out-of-bounds access. Local unprivileged users could trigger memory corruption or crashes; privilege escalation is possibl...
CVE-2023-4622
CVE-2023-4622 is a Linux kernel use-after-free in af_unix (unix_stream_sendpage) where the code accesses the peer’s skb without holding the queue lock, enabling a local privilege escalation through a race with garbage collection. Public analyses in connected advisories (e.g., Astra Linux, ALAS2 l...
CVE-2023-4623
CVE-2023-4623 describes a use-after-free in the Linux kernel’s net/sched sch_hfsc subsystem that can enable local privilege escalation. The issue occurs when a class uses a link-sharing curve (HFSC_FSC) and has a parent without one; init_vf() may call vttree_insert() on the parent, but update_vf(...
CVE-2023-4206
CVE-2023-4206 is a use-after-free vulnerability in the Linux kernel net/sched: cls_route (route handling) caused by route4_change() copying the entire tcf_result into a new filter. On update, tcf_unbind_filter() is invoked on the old instance, decreasing the parent class’ filter_cnt and potential...
CVE-2023-1206
CVE-2023-1206 describes a hash collision flaw in the Linux kernel’s IPv6 connection lookup table that can allow a local attacker or a user with high bandwidth to cause significant CPU spike (up to 95%) on the server accepting IPv6 connections. Connected advisories show this CVE being addressed in...
CVE-2023-42754
CVE-2023-42754 is a vulnerability in the Linux kernel IPv4 stack: a NULL pointer dereference where skb may not be bound to a device before __ip_options_compile if the skb is re-routed by ipvs. The impact is a local crash under CAP_NET_ADMIN. Public details in connected advisories reaffirm the iss...
CVE-2023-4194
CVE-2023-4194 affects the Linux kernel TUN/TAP network devices. A type confusion in initialization of tun/tap sockets could let a local user bypass network filters and access resources. The description notes patches for CVE-2023-1076 were incomplete; upstream commits (tun_chr_open/tun_open and re...
CVE-2023-39194
CVE-2023-39194 – The Apollo/CVE entry documents a flaw in the Linux kernel XFRM subsystem: during processing of state filters, an out-of-bounds read past the end of an allocated buffer can be triggered by a local attacker with CAP_NET_ADMIN privileges, potentially leading to information disclosur...
CVE-2023-39193
CVE-2023-39193 affects the Linux kernel Netfilter SCTP path, where sctp_mt_check fails to validate the flag_count field, enabling a local attacker with CAP_NET_ADMIN to trigger an out-of-bounds read that can crash the system or cause information disclosure. Connected advisories (Red Hat, AlmaLinu...
CVE-2023-4155
CVE-2023-4155 describes a vulnerability in the Linux kernel’s KVM AMD SEV implementation. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race that causes the VMGEXIT handler to be invoked recursively. If the handler is called multiple times, this can lead to a ...
CVE-2023-5345
CVE-2023-5345 : A use-after-free in the Linux kernel kernel’s fs/smb/client component can enable local privilege escalation. Specifically, an error in smb3_fs_context_parse_param frees ctx->password but does not set it to NULL, risking a double-free scenario. The issue is documented in the CVE...
CVE-2023-39192
CVE-2023-39192 : A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...
CVE-2023-1192
CVE-2023-1192 denotes a use-after-free in CIFS smb2_is_status_io_timeout() within the Linux kernel, where memory freed during a system call and CIFS’ later access to that memory can trigger a denial of service. The connected advisories confirm this UAF issue exists in kernel CIFS code and link it...
CVE-2023-5090
CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...
CVE-2023-23454
CVE-2023-23454 affects the Linux kernel cbq_classify (net/sched/sch_cbq.c) up to version 6.1.4, enabling a local attacker to trigger a slab-out-of-bounds read via type confusion (non-negative values may be misinterpreted as TC_ACT_SHOT), causing denial of service. Connected advisories reference s...
CVE-2023-3567
CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...
CVE-2023-1829
CVE-2023-1829 affects the Linux kernel tcindex subsystem. A use-after-free can occur in tcindex_delete when filters are not properly deactivated for a perfect-hash underlying structure, potentially enabling local privilege escalation to root. The flaw is tied to the traffic control index filter (...
CVE-2023-4921
CVE-2023-4921 is a Linux kernel net/sched vulnerability in the qfq (Priority Fair Queue) subsystem. When the plug qdisc is used as a class of the qfq qdisc, sending packets can trigger a use-after-free in qfq_dequeue() due to the incorrect .peek handler in sch_plug and missing error checking in a...
CVE-2023-0386
CVE-2023-0386 describes a Linux kernel OverlayFS uid-mapping bug that lets a local user escalate privileges by improperly handling execution of setuid-capable files copied between mounts. Connected advisories confirm this CVE affecting upstream Linux kernel and note fixes via newer kernel package...
CVE-2022-4378
CVE-2022-4378 is a Linux kernel stack overflow flaw in the SYSCTL subsystem triggered by how a user changes certain kernel parameters, allowing a local user to crash the system or potentially escalate privileges. Public advisories (ALSA and CloudLinux entries) confirm the issue affects stack over...
CVE-2023-2177
CVE-2023-2177 describes a NULL pointer dereference in SCTP processing in Linux kernel: if stream_in allocation fails, stream_out is freed and later accessed, allowing a local user to crash the system or cause a denial of service. Affected component: net/sctp/stream_sched.c. Exploitation info is n...
CVE-2023-0459
CVE-2023-0459: Linux kernel on 64-bit systems is affected by a local elevation of information disclosure due to Copy_from_user bypassing __uaccess_begin_nospec, bypassing access_ok and allowing a user to pass a kernel pointer to copy_from_user. Root cause is the __uaccess_begin_nospec handling. I...
CVE-2023-3812
CVE-2023-3812 : Linux kernel TUN/TAP driver flaw allows local users to crash or possibly escalate privileges by generating a malicious oversized networking packet when napi frags is enabled. Root cause: out-of-bounds memory access in packet handling. Public details confirm impact and conditional ...
CVE-2023-0394
CVE-2023-0394: A NULL pointer dereference in rawv6_push_pending_frames() of the Linux kernel (net/ipv6/raw.c) can cause a crash (DoS). The issue is confirmed across multiple advisories (e.g., Astra Linux and Brocade/SANnav postings) as a Linux kernel vulnerability, with no explicit public exploit...
CVE-2023-4004
CVE-2023-4004 is a use-after-free in the Linux kernel’s netfilter nft_pipapo_remove() path when triggering the element without NFT_SET_EXT_KEY_END. This vulnerability can let a local attacker crash the system or potentially escalate privileges. The issue is tied to nf_tables/netfilter behavior an...
CVE-2023-1859
CVE-2023-1859 is a use-after-free in Xen transport 9pfs (xen_9pfs_front_removet in net/9p/trans_xen.c) of the Linux kernel. Connected security bulletins confirm a race condition that could allow a local attacker to crash the system and potentially leak kernel information. Affected is the Xen 9pfs...
CVE-2023-35001
CVE-2023-35001 is a Linux kernel nftables vulnerability where the nft_byteorder expression mishandles vm register contents when CAP_NET_ADMIN exists in any user or network namespace, causing an out-of-bounds read/write in the nf_tables nft_byteorder path. Public references in the provided documen...
CVE-2023-6546
CVE-2023-6546 describes a race condition in the Linux kernel’s GSM 0710 tty multiplexor. Two threads can race on GSMIOC_SETCONF on the same tty when gsm line discipline is enabled, triggering a use-after-free of the gsm_dlci during GSM mux restart and potentially enabling local privilege escalati...
CVE-2023-34319
CVE-2023-34319 is a Linux kernel netback driver buffer overrun caused by an edge case where an entire packet is fragmented into the maximum pieces yet remains smaller than the area that preserves all headers together, after the XSA-423 fix. Exploitation could enable local denial-of-service or ins...
CVE-2023-3609
CVE-2023-3609 is a Linux kernel use-after-free in the net/sched: cls_u32 classifier. The flaw arises when tcf_change_indev() fails; u32_set_parms() returns after updating the reference counter in tcf_bind_filter(), and an attacker who can manipulate the reference counter to zero can cause the ref...
CVE-2023-3772
CVE-2023-3772 is a Linux kernel vulnerability in the IPsec XFRM subsystem that allows a local attacker with CAP_NET_ADMIN to dereference a NULL pointer in xfrm_update_ae_params(), potentially crashing the kernel and causing a denial of service. Connected documents confirm the root cause as a NULL...
CVE-2023-3611
Consolidated details confirm CVE-2023-3611 affects the Linux kernel’s net/sched sch_qfq code. The vulnerability is an out-of-bounds write in qfq_change_agg where lmax is updated based on packet sizes without proper bounds checks, enabling local privilege escalation. The issue is triggered in sch_...
CVE-2023-3390
CVE-2023-3390 is a local-use-after-free vulnerability in Linux kernel nftables (net/netfilter/nf_tables_api.c) caused by mishandled NFT_MSG_NEWRULE error paths, enabling a local attacker with CAP_SYS_ADMIN to trigger a privilege escalation. Public advisories (Amazon Linux 2/ALAS, Astra Linux, Deb...
CVE-2023-3776
CVE-2023-3776: A use-after-free in Linux kernel net/sched cls_fw can lead to local privilege escalation if an attacker controls the reference counter in tcf_bind_filter and frees the object by setting the counter to zero. The issue stems from fw_set_parms() returning after reference counter adjus...
CVE-2023-4133
CVE-2023-4133 affects the Linux kernel cxgb4 driver; root cause is a use-after-free during detachment when flower_stats_timer is rearmed on the work queue, which can cause local denial of service by crashing the system. The MiracleLinux advisory AXSA:2024-8139:15 references CVE-2023-4133 among af...
CVE-2023-6176
The connected documents confirm CVE-2023-6176 is a Linux kernel issue in the cryptographic algorithm scatterwalk API. A null pointer dereference can be triggered when a local user constructs a malicious packet with specific socket configuration, potentially crashing the system or enabling privile...
CVE-2023-31083
CVE-2023-31083 affects the Linux kernel (drivers/bluetooth/hci_ldisc.c). In hci_uart_tty_ioctl, there is a race between HCIUARTSETPROTO and HCIUARTGETPROTO where HCI_UART_PROTO_SET is written before hu->proto is set, which may cause a NULL pointer dereference. The connected advisories confirm ...
CVE-2023-23455
CVE-2023-23455 affects the Linux kernel’s ATM traffic control path: atm_tc_enqueue in net/sched/sch_atm.c up to version 6.1.4 is vulnerable to a type confusion that can misclassify values, enabling a local denial-of-service. Public reports describe the issue without details on exploits beyond DoS...
CVE-2023-0461
CVE-2023-0461 describes a use-after-free in the Linux kernel’s handling of TLS contexts on TCP sockets (icalled icsk_ulp_data) that can trigger a double-free when a TLS context is inherited by a reused listener. Affected scenario requires CONFIG_TLS to be enabled and may enable local privilege es...
CVE-2023-2008
The CVE-2023-2008 flaw is in the Linux kernel udmabuf device driver, within its fault handler. It stems from insufficient validation of user-supplied data, allowing a memory access past the end of an array. This can enable local privilege escalation and execution of arbitrary code in the kernel c...
CVE-2023-31436
Summary: CVE-2023-31436 affects the Linux kernel net/sched/qfq subsystem (qfq_change_class in net/sched/sch_qfq.c). The flaw allows a heap/out-of-bounds write because lmax can exceed QFQ_MIN_LMAX, leading to information disclosure, privilege escalation, or denial of service as described in public...
CVE-2023-2163
Summary of CVE-2023-2163 : The issue is an incorrect verifier pruning in the kernel’s BPF verifier for Linux kernel versions >= 5.4, where unsafe code paths can be marked safe, enabling arbitrary reads/writes in kernel memory, lateral privilege escalation, and container escapes. Connected advi...
CVE-2023-2166
CVE-2023-2166 pertains to a NULL pointer dereference in the Linux kernel CAN protocol (net/can/af_can.c). The issue is that ml_priv may not be initialized in the receive path for CAN frames, enabling a local attacker to crash the system or potentially cause a denial of service via a malformed or ...
CVE-2022-47929
CVE-2022-47929 is a Linux kernel vulnerability: a NULL pointer dereference in the traffic control subsystem (affecting qdisc_graft in net/sched/sch_api.c) that allows an unprivileged user to trigger a denial of service (system crash) via crafted tc qdisc/class configurations. Exploitation is loca...
CVE-2023-4389
CVE-2023-4389 concerns a flaw in btrfs_get_root_ref (fs/btrfs/disk-io.c) of the Linux kernel where the reference count is decremented twice. The connected Astra Linux security bulletin confirms the issue affects the Linux kernel used in that distro (linux-5.10) and describes a local-privilege sce...
CVE-2023-5178
CVE-2023-5178 is a use-after-free vulnerability in the NVMe over Fabrics over TCP subsystem of the Linux kernel, specifically nvmet_tcp_free_crypto in drivers/nvme/target/tcp.c. The logical bug can lead to use-after-free and double-free conditions, with potential remote code execution or local pr...
CVE-2023-38409
CVE-2023-38409 affects the Linux kernel fbcon subsystem (drivers/video/fbdev/core/fbcon.c). The issue arises in set_con2fb_map: an assignment is performed only for the first virtual console, which can desynchronize fbcon_registered_fb and fbcon_display when fbcon_mode_deleted is invoked, leaving ...