CVE Daily
← All tags

Tag: Linux Kernel

All CVEs associated with "Linux Kernel". Page 112/168 • 20117 CVEs.

Subscribe CVEs: RSS for “Linux Kernel”  ·  RSS (High+Critical only)

About “Linux Kernel”

A curated feed of “Linux Kernel”-related CVEs appears below. We currently track 20117 CVEs for this tag (all time). In the last 365 days, 6173 were published. Average CVSS is 6.4 (all time; 6.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-401 - Missing Release of Memory after Effective Lifetime, CWE-416 - Use After Free.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-07-18
Medium

CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

CVSS: 4.7 CWE: CWE-833 - Deadlock View on NVD
Medium

CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Ma…

CVSS: 5.6 CWE: CWE-297 - Improper Validation of Certificate with Host Mismatch View on NVD
Critical

CVE-2023-34142

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Intercep…

CVSS: 9.0 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2022-4146

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

CVSS: 7.3 CWE: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') View on NVD
Medium

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitach…

CVSS: 6.6 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2023-38432

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification,…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, vi…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-38429

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bou…

CVSS: 9.8 CWE: CWE-193 - Off-by-one Error View on NVD
Critical

CVE-2023-38428

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading t…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-38426

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-07-17
Medium

CVE-2023-38409

An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_…

CVSS: 5.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2023-26512

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send contro…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2023-35012

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user…

CVSS: 6.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-07-14
Medium

CVE-2023-37268

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user ac…

CVSS: 6.4 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-3434

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-3433

The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-07-12
Critical

CVE-2023-26563

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-07-11
Medium

CVE-2023-3108

A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allow…

CVSS: 6.2 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problem…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-31190

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedur…

CVSS: 8.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-07-10
Medium

CVE-2023-24486

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops sessio…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2023-32254

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack…

CVSS: 9.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack o…

CVSS: 9.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-30449

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30448

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30447

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30446

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-30445

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-30442

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper us…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-30431

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the b…

CVSS: 8.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-29256

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features…

CVSS: 5.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2023-27869

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injecti…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-27868

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instanti…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-27867

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted r…

CVSS: 6.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-23487

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

CVSS: 4.3 CWE: N/A View on NVD
2023-07-06
Medium

CVE-2023-37454

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c.…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-37453

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

CVSS: 4.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-07-05
Medium

CVE-2023-36458

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when en…

CVSS: 6.3 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2023-36457

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when add…

CVSS: 6.3 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-35001

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespa…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-07-04
Medium

CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2023-21637

Memory corruption in Linux while calling system configuration APIs.

CVSS: 6.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.

CVSS: 6.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2023-25523

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-25516

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of…

CVSS: 7.1 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-07-01
Critical

CVE-2023-28365

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host dev…

CVSS: 9.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2023-06-30
Medium

CVE-2023-3338

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-1206

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or w…

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-29147

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two file…

CVSS: 5.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2023-29145

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRAR…

CVSS: 7.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
2023-06-29
High

CVE-2023-36476

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the…

CVSS: 7.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-06-28
Medium

CVE-2023-3359

An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-3358

A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-3357

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-3439

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of…

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3390

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a danglin…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-3355

A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value…

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3090

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initi…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-1295

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privile…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2023-06-27
Medium

CVE-2023-2818

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents fo…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-06-25
Medium

CVE-2015-20109

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstra…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2023-06-23
Medium

CVE-2023-3212

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure…

CVSS: 4.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-3317

A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-25520

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-25515

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data…

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
2023-06-22
Medium

CVE-2023-34241

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memor…

CVSS: 5.3 CWE: CWE-416 - Use After Free View on NVD
2023-06-20
Medium

CVE-2023-3220

An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Poi…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2023-06-19
High

CVE-2023-3312

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of servi…

CVSS: 7.5 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2023-3022

A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for…

CVSS: 5.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2023-06-18
High

CVE-2023-35829

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35828

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35827

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35826

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35824

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-35823

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2023-06-16
High

CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GEN…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-3268

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or le…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25188

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS ba…

CVSS: 5.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-06-13
High

CVE-2023-28598

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.

CVSS: 7.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-06-12
Medium

CVE-2023-3159

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem w…

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-3161

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out…

CVSS: 5.5 CWE: CWE-1335 - Incorrect Bitwise Shift of Integer View on NVD
High

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2023-06-09
High

CVE-2023-3141

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibl…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
2023-06-06
High

CVE-2022-40525

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

CVSS: 7.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2022-40522

Memory corruption in Linux Networking due to double free while handling a hyp-assign.

CVSS: 8.4 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2022-33303

Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-33267

Memory corruption in Linux while sending DRM request.

CVSS: 6.7 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2022-33227

Memory corruption in Linux android due to double free while calling unregister provider after register call.

CVSS: 6.7 CWE: CWE-415 - Double Free View on NVD
2023-06-05
High

CVE-2023-3111

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before call…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-0636

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-0635

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Se…

CVSS: 7.8 CWE: CWE-1391 - Use of Weak Credentials View on NVD
2023-06-02
High

CVE-2023-29541

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certa…

CVSS: 8.8 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
2023-06-01
Medium

CVE-2023-2985

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-2598

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-05-31
Medium

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-48502

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xatt…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-2612

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to c…

CVSS: 4.4 CWE: CWE-667 - Improper Locking View on NVD
2023-05-30
Low

CVE-2023-32684

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host…

CVSS: 2.7 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-05-26
Medium

CVE-2023-2898

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution o…

CVSS: 6.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2023-28382

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follo…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-05-25
Medium

CVE-2023-0459

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This…

CVSS: 6.5 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
2023-05-22
Medium

CVE-2023-33288

An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system d…

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
2023-05-21
Medium

CVE-2020-36694

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurren…

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-33251

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux…

CVSS: 4.7 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2023-33250

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

CVSS: 4.4 CWE: CWE-416 - Use After Free View on NVD
2023-05-18
Medium

CVE-2023-1195

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-45458

Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cybe…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2022-45453

TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.

CVSS: 7.5 CWE: CWE-310 View on NVD
High

CVE-2022-45450

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 1…

CVSS: 7.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-33203

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

CVSS: 6.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2023-05-17
Critical

CVE-2023-2319

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS pac…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-2295

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is no…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-1859

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race…

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-2491

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-2203

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD