| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-28772 |
120 |
|
Overflow |
2023-03-23 |
2023-03-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. |
|
2 |
CVE-2023-28466 |
476 |
|
|
2023-03-16 |
2023-03-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). |
|
3 |
CVE-2023-26607 |
125 |
|
|
2023-02-26 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. |
|
4 |
CVE-2023-26606 |
416 |
|
|
2023-02-26 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. |
|
5 |
CVE-2023-26605 |
416 |
|
|
2023-02-26 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. |
|
6 |
CVE-2023-26545 |
415 |
|
|
2023-02-25 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. |
|
7 |
CVE-2023-26544 |
416 |
|
|
2023-02-25 |
2023-03-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. |
|
8 |
CVE-2023-26242 |
190 |
|
Overflow |
2023-02-21 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. |
|
9 |
CVE-2023-25012 |
416 |
|
|
2023-02-02 |
2023-02-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. |
|
10 |
CVE-2023-23586 |
416 |
|
+Info |
2023-02-17 |
2023-02-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring |
|
11 |
CVE-2023-23559 |
190 |
|
Overflow |
2023-01-13 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. |
|
12 |
CVE-2023-23455 |
843 |
|
DoS |
2023-01-12 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
|
13 |
CVE-2023-23454 |
843 |
|
DoS |
2023-01-12 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
|
14 |
CVE-2023-23039 |
362 |
|
|
2023-02-22 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove(). |
|
15 |
CVE-2023-23006 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
16 |
CVE-2023-23005 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached. |
|
17 |
CVE-2023-23004 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
18 |
CVE-2023-23003 |
252 |
|
|
2023-03-01 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. |
|
19 |
CVE-2023-23002 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
20 |
CVE-2023-23001 |
476 |
|
|
2023-03-01 |
2023-03-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
21 |
CVE-2023-23000 |
476 |
|
|
2023-03-01 |
2023-03-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. |
|
22 |
CVE-2023-22999 |
476 |
|
|
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
23 |
CVE-2023-22998 |
436 |
|
|
2023-02-28 |
2023-03-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
24 |
CVE-2023-22997 |
476 |
|
|
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
|
25 |
CVE-2023-22996 |
772 |
|
|
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. |
|
26 |
CVE-2023-22995 |
|
|
|
2023-02-28 |
2023-03-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. |
|
27 |
CVE-2023-1583 |
476 |
|
|
2023-03-24 |
2023-03-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash. |
|
28 |
CVE-2023-1390 |
|
|
DoS |
2023-03-16 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. |
|
29 |
CVE-2023-1281 |
416 |
|
|
2023-03-22 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. |
|
30 |
CVE-2023-1252 |
416 |
|
|
2023-03-23 |
2023-03-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected. |
|
31 |
CVE-2023-1249 |
416 |
|
|
2023-03-23 |
2023-03-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. |
|
32 |
CVE-2023-1118 |
416 |
|
|
2023-03-02 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
|
33 |
CVE-2023-1095 |
476 |
|
|
2023-02-28 |
2023-03-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. |
|
34 |
CVE-2023-0615 |
369 |
|
Overflow |
2023-02-06 |
2023-02-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. |
|
35 |
CVE-2023-0597 |
401 |
|
|
2023-02-23 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. |
|
36 |
CVE-2023-0590 |
416 |
|
DoS |
2023-03-23 |
2023-03-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. |
|
37 |
CVE-2023-0469 |
416 |
|
DoS |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. |
|
38 |
CVE-2023-0468 |
416 |
|
|
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. |
|
39 |
CVE-2023-0461 |
416 |
|
|
2023-02-28 |
2023-03-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c |
|
40 |
CVE-2023-0394 |
476 |
|
|
2023-01-26 |
2023-03-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. |
|
41 |
CVE-2023-0386 |
|
|
|
2023-03-22 |
2023-03-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. |
|
42 |
CVE-2023-0266 |
416 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e |
|
43 |
CVE-2023-0240 |
416 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. |
|
44 |
CVE-2023-0122 |
476 |
|
DoS |
2023-01-17 |
2023-03-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. |
|
45 |
CVE-2023-0030 |
416 |
|
Overflow |
2023-03-08 |
2023-03-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
|
46 |
CVE-2022-48425 |
763 |
|
|
2023-03-19 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. |
|
47 |
CVE-2022-48424 |
|
|
|
2023-03-19 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. |
|
48 |
CVE-2022-48423 |
|
|
|
2023-03-19 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. |
|
49 |
CVE-2022-47946 |
416 |
|
DoS |
2022-12-23 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. |
|
50 |
CVE-2022-47943 |
125 |
|
|
2022-12-23 |
2023-02-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. |
