An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
Max Base Score: 7.0 | Published: 2023-10-27 | Updated: 2023-11-07 | EPSS: 0.04%
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
Max Base Score: 7.8 | Published: 2023-10-16 | Updated: 2023-10-19 | EPSS: 0.04%
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Max Base Score: 9.8 | Published: 2023-10-15 | Updated: 2023-11-10 | EPSS: 0.06%
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
Max Base Score: 7.5 | Published: 2023-10-14 | Updated: 2023-11-16 | EPSS: 0.05%
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Max Base Score: 8.8 | Published: 2023-09-29 | Updated: 2023-11-16 | EPSS: 0.29%
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Max Base Score: 7.8 | Published: 2023-09-25 | Updated: 2023-11-28 | EPSS: 0.04%
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
Max Base Score: 9.1 | Published: 2023-10-16 | Updated: 2023-11-10 | EPSS: 0.05%
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
Max Base Score: 7.8 | Published: 2023-08-14 | Updated: 2023-10-24 | EPSS: 0.04%
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
Max Base Score: 7.5 | Published: 2023-11-09 | Updated: 2023-11-16 | EPSS: 0.04%
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Max Base Score: 8.2 | Published: 2023-10-04 | Updated: 2023-10-06 | EPSS: 0.05%
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-07-27 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
Max Base Score: 9.8 | Published: 2023-07-18 | Updated: 2023-07-27 | EPSS: 0.09%
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-08-31 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.
Max Base Score: 9.8 | Published: 2023-07-18 | Updated: 2023-11-17 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
Max Base Score: 9.1 | Published: 2023-07-18 | Updated: 2023-09-15 | EPSS: 0.06%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-08-03 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-10-29 | EPSS: 0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
Max Base Score: 7.0 | Published: 2023-06-18 | Updated: 2023-10-29 | EPSS: 0.04%
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Max Base Score: 7.8 | Published: 2023-06-16 | Updated: 2023-11-02 | EPSS: 0.04%
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Max Base Score: 7.8 | Published: 2023-07-05 | Updated: 2023-09-11 | EPSS: 0.05%
1386 vulnerabilities found