# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2023-23559 |
190 |
|
Overflow |
2023-01-13 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. |
2 |
CVE-2023-23455 |
843 |
|
DoS |
2023-01-12 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
3 |
CVE-2023-23454 |
843 |
|
DoS |
2023-01-12 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
4 |
CVE-2023-0122 |
476 |
|
DoS |
2023-01-17 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. |
5 |
CVE-2022-47946 |
416 |
|
DoS |
2022-12-23 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. |
6 |
CVE-2022-47943 |
125 |
|
|
2022-12-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. |
7 |
CVE-2022-47942 |
787 |
|
Overflow |
2022-12-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command. |
8 |
CVE-2022-47941 |
401 |
|
|
2022-12-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. |
9 |
CVE-2022-47940 |
125 |
|
|
2022-12-23 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. |
10 |
CVE-2022-47939 |
416 |
|
|
2022-12-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. |
11 |
CVE-2022-47938 |
125 |
|
|
2022-12-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. |
12 |
CVE-2022-47929 |
476 |
|
DoS |
2023-01-17 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. |
13 |
CVE-2022-47521 |
787 |
|
Overflow |
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. |
14 |
CVE-2022-47520 |
125 |
|
|
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. |
15 |
CVE-2022-47519 |
787 |
|
|
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. |
16 |
CVE-2022-47518 |
787 |
|
Overflow |
2022-12-18 |
2023-01-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. |
17 |
CVE-2022-45934 |
190 |
|
|
2022-11-27 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. |
18 |
CVE-2022-45919 |
416 |
|
|
2022-11-27 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. |
19 |
CVE-2022-45888 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. |
20 |
CVE-2022-45887 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. |
21 |
CVE-2022-45886 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. |
22 |
CVE-2022-45885 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. |
23 |
CVE-2022-45884 |
362 |
|
|
2022-11-25 |
2023-01-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. |
24 |
CVE-2022-45869 |
362 |
|
DoS Mem. Corr. |
2022-11-30 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. |
25 |
CVE-2022-44034 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). |
26 |
CVE-2022-44033 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). |
27 |
CVE-2022-44032 |
362 |
|
|
2022-10-30 |
2022-11-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). |
28 |
CVE-2022-43945 |
770 |
|
Overflow |
2022-11-04 |
2022-12-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
29 |
CVE-2022-43750 |
787 |
|
|
2022-10-26 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. |
30 |
CVE-2022-42896 |
416 |
|
Exec Code |
2022-11-23 |
2022-11-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url |
31 |
CVE-2022-42895 |
824 |
|
|
2022-11-23 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url |
32 |
CVE-2022-42722 |
476 |
|
|
2022-10-14 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. |
33 |
CVE-2022-42721 |
835 |
|
Exec Code |
2022-10-14 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. |
34 |
CVE-2022-42720 |
416 |
|
Exec Code |
2022-10-14 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. |
35 |
CVE-2022-42719 |
416 |
|
Exec Code |
2022-10-13 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. |
36 |
CVE-2022-42703 |
416 |
|
|
2022-10-09 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. |
37 |
CVE-2022-42329 |
667 |
|
|
2022-12-07 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
38 |
CVE-2022-42328 |
667 |
|
|
2022-12-07 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
39 |
CVE-2022-41858 |
416 |
|
+Info |
2023-01-17 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. |
40 |
CVE-2022-41850 |
362 |
|
|
2022-09-30 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. |
41 |
CVE-2022-41849 |
362 |
|
|
2022-09-30 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. |
42 |
CVE-2022-41848 |
362 |
|
|
2022-09-30 |
2022-10-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. |
43 |
CVE-2022-41674 |
787 |
|
Overflow |
2022-10-14 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. |
44 |
CVE-2022-41222 |
416 |
|
|
2022-09-21 |
2022-11-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. |
45 |
CVE-2022-41218 |
416 |
|
|
2022-09-21 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. |
46 |
CVE-2022-40768 |
668 |
|
+Info |
2022-09-18 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. |
47 |
CVE-2022-40476 |
476 |
|
DoS |
2022-09-14 |
2022-09-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. |
48 |
CVE-2022-40307 |
416 |
|
|
2022-09-09 |
2022-11-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. |
49 |
CVE-2022-40133 |
416 |
|
DoS +Priv |
2022-09-09 |
2022-09-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). |
50 |
CVE-2022-39842 |
190 |
|
Overflow Bypass |
2022-09-05 |
2022-12-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
** DISPUTED ** An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. |