Linux: Security Vulnerabilities with CVSS Score Between 7 and 7.99
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
Max Base Score | 7.8 |
Published | 2023-08-14 |
Updated | 2023-09-10 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
Max Base Score | 7.0 |
Published | 2023-06-18 |
Updated | 2023-08-03 |
EPSS | 0.04% |
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Max Base Score | 7.8 |
Published | 2023-06-16 |
Updated | 2023-09-11 |
EPSS | 0.04% |
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability: nft_byteorder poorly handled VM register contents. The issue applies when CAP_NET_ADMIN is held in any user or network namespace.
Max Base Score | 7.8 |
Published | 2023-07-05 |
Updated | 2023-09-11 |
EPSS | 0.05% |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Max Base Score | 7.5 |
Published | 2023-07-24 |
Updated | 2023-08-02 |
EPSS | 0.24% |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Max Base Score | 7.5 |
Published | 2023-07-24 |
Updated | 2023-09-15 |
EPSS | 0.52% |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Max Base Score | 7.5 |
Published | 2023-07-24 |
Updated | 2023-09-15 |
EPSS | 0.52% |
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Max Base Score | 7.8 |
Published | 2023-05-08 |
Updated | 2023-07-27 |
EPSS | 0.04% |
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Max Base Score | 7.8 |
Published | 2023-04-28 |
Updated | 2023-08-18 |
EPSS | 0.04% |
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability: `nft_chain_lookup_byid()` failed to check whether a chain was active. The issue applies when CAP_NET_ADMIN is held in any user or network namespace.
Max Base Score | 7.8 |
Published | 2023-07-05 |
Updated | 2023-09-11 |
EPSS | 0.05% |
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Max Base Score | 7.0 |
Published | 2023-03-16 |
Updated | 2023-08-18 |
EPSS | 0.04% |
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
Max Base Score | 7.8 |
Published | 2023-03-31 |
Updated | 2023-08-11 |
EPSS | 0.04% |
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
Max Base Score | 7.1 |
Published | 2023-02-26 |
Updated | 2023-08-04 |
EPSS | 0.04% |
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
Max Base Score | 7.8 |
Published | 2023-02-26 |
Updated | 2023-05-19 |
EPSS | 0.04% |
In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.
Max Base Score | 7.8 |
Published | 2023-02-26 |
Updated | 2023-05-12 |
EPSS | 0.04% |
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.
Max Base Score | 7.8 |
Published | 2023-02-25 |
Updated | 2023-06-26 |
EPSS | 0.04% |
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.
Max Base Score | 7.8 |
Published | 2023-02-21 |
Updated | 2023-04-06 |
EPSS | 0.04% |
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
Max Base Score | 7.8 |
Published | 2023-01-13 |
Updated | 2023-07-20 |
EPSS | 0.04% |
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
Max Base Score | 7.8 |
Published | 2023-02-28 |
Updated | 2023-03-31 |
EPSS | 0.04% |
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
Max Base Score | 7.8 |
Published | 2023-09-12 |
Updated | 2023-09-14 |
EPSS | 0.04% |