An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
Max CVSS
9.1
Published
2023-07-18
Updated
2023-12-22
EPSS
0.14%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
Max CVSS
9.1
Published
2023-07-18
Updated
2023-12-15
EPSS
0.06%
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Max CVSS
9.1
Published
2023-07-18
Updated
2023-12-22
EPSS
0.06%
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
Max CVSS
9.1
Published
2023-07-18
Updated
2023-12-15
EPSS
0.14%
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.
Max CVSS
9.8
Published
2023-07-18
Updated
2023-11-17
EPSS
0.06%
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.
Max CVSS
9.1
Published
2023-07-18
Updated
2023-12-22
EPSS
0.12%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
Max CVSS
7.0
Published
2023-06-18
Updated
2024-02-09
EPSS
0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
Max CVSS
7.0
Published
2023-06-18
Updated
2023-12-04
EPSS
0.04%
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
Max CVSS
7.0
Published
2023-06-18
Updated
2023-12-04
EPSS
0.04%
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Max CVSS
7.8
Published
2023-07-05
Updated
2024-01-11
EPSS
0.05%
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Max CVSS
8.1
Published
2023-07-24
Updated
2023-11-17
EPSS
0.24%
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Max CVSS
8.1
Published
2023-07-24
Updated
2023-12-22
EPSS
0.52%
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Max CVSS
7.5
Published
2023-07-24
Updated
2023-12-04
EPSS
0.38%
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Max CVSS
7.5
Published
2023-07-24
Updated
2023-12-04
EPSS
0.54%
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Max CVSS
7.0
Published
2023-03-16
Updated
2023-11-09
EPSS
0.04%
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Max CVSS
7.8
Published
2023-07-31
Updated
2023-12-29
EPSS
0.14%
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
Max CVSS
7.0
Published
2023-04-11
Updated
2024-01-11
EPSS
0.04%
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
Max CVSS
7.1
Published
2023-04-05
Updated
2024-02-15
EPSS
0.04%
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.
Max CVSS
7.8
Published
2023-06-28
Updated
2023-12-04
EPSS
0.04%
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
Max CVSS
7.1
Published
2023-05-31
Updated
2023-12-15
EPSS
0.04%
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
Max CVSS
7.8
Published
2022-02-24
Updated
2023-11-09
EPSS
0.04%

CVE-2022-0492

Public exploit exists
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Max CVSS
7.8
Published
2022-03-03
Updated
2023-12-07
EPSS
9.52%
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
Max CVSS
7.2
Published
2020-04-08
Updated
2023-11-09
EPSS
0.05%
23 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!