Linux Kernel: Security Vulnerabilities, CVSS score >= 7
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
Max Base Score: 7.0 | Published: 2023-10-27 | Updated: 2023-11-07 | EPSS: 0.04%
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
Max Base Score: 7.8 | Published: 2023-10-16 | Updated: 2023-10-19 | EPSS: 0.04%
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Max Base Score: 9.8 | Published: 2023-10-15 | Updated: 2023-11-10 | EPSS: 0.06%
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
Max Base Score: 7.5 | Published: 2023-10-14 | Updated: 2023-11-16 | EPSS: 0.05%
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Max Base Score: 8.8 | Published: 2023-09-29 | Updated: 2023-11-16 | EPSS: 0.29%
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, giving an attacker a primitive to arbitrarily increment or decrement memory outside the bounds of a buffer. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Max Base Score: 7.8 | Published: 2023-09-25 | Updated: 2023-11-28 | EPSS: 0.04%
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
Max Base Score: 9.1 | Published: 2023-10-16 | Updated: 2023-11-10 | EPSS: 0.05%
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
Max Base Score: 7.8 | Published: 2023-08-14 | Updated: 2023-10-24 | EPSS: 0.04%
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by qxl_gem_object_create_with_handle(), but the handle is the only thing holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
Max Base Score: 7.5 | Published: 2023-11-09 | Updated: 2023-11-16 | EPSS: 0.04%
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Max Base Score: 8.2 | Published: 2023-10-04 | Updated: 2023-10-06 | EPSS: 0.05%
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-07-27 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
Max Base Score: 9.8 | Published: 2023-07-18 | Updated: 2023-07-27 | EPSS: 0.09%
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.
Max Base Score: 9.8 | Published: 2023-07-18 | Updated: 2023-11-17 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-09-15 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-10-29 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-10-29 | EPSS: 0.04%
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Max Base Score: 7.8 | Published: 2023-06-16 | Updated: 2023-11-02 | EPSS: 0.04%
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Max Base Score: 7.8 | Published: 2023-07-05 | Updated: 2023-09-11 | EPSS: 0.05%