An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-14
Updated
2024-01-11
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-16
Updated
2023-11-02
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-07-26
Updated
2023-09-11
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.
Source: Canonical Ltd.
Max CVSS
7.5
EPSS Score
0.12%
Published
2023-06-06
Updated
2023-06-16
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-07-05
Updated
2024-02-01
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-06
Updated
2023-11-29
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Source: Red Hat, Inc.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-07-24
Updated
2024-05-22
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-28
Updated
2023-10-26
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.16%
Published
2023-07-26
Updated
2023-08-03
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
Source: Red Hat, Inc.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-12-08
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-04-13
Updated
2023-04-19
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Source: Red Hat, Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-08-11
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
Source: MITRE
Max CVSS
7.0
EPSS Score
0.10%
Published
2022-09-21
Updated
2023-07-21
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.18%
Published
2022-10-31
Updated
2023-07-19

CVE-2022-34918

Public exploit
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.64%
Published
2022-07-04
Updated
2023-09-12
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-05-17
Updated
2023-06-28
Apport does not disable python crash handler before entering chroot
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-06-04
Updated
2024-06-11
is_closing_session() allows users to create arbitrary tcp dbus connections
Source: Canonical Ltd.
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-06-04
Updated
2024-06-11
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
Source: Cisco Systems, Inc.
Max CVSS
7.5
EPSS Score
0.25%
Published
2022-01-14
Updated
2023-10-01
Race condition in snap-confine's must_mkdir_and_open_with_perms()
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-12
io_uring UAF, Unix SCM garbage collection
Source: Canonical Ltd.
Max CVSS
7.0
EPSS Score
0.05%
Published
2024-01-08
Updated
2024-01-12
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-08
Updated
2024-01-12
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-12
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-08
Updated
2024-01-19
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
Source: Google Inc.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-03-29
Updated
2024-05-21
1080 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!