CVE Daily
← All tags

Tag: Linux Kernel

All CVEs associated with "Linux Kernel". Page 113/168 • 20117 CVEs.

Subscribe CVEs: RSS for “Linux Kernel”  ·  RSS (High+Critical only)

About “Linux Kernel”

A curated feed of “Linux Kernel”-related CVEs appears below. We currently track 20117 CVEs for this tag (all time). In the last 365 days, 6173 were published. Average CVSS is 6.4 (all time; 6.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-401 - Missing Release of Memory after Effective Lifetime, CWE-416 - Use After Free.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-05-15
High

CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to cras…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-05-10
High

CVE-2023-28410

Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially en…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2023-22447

Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure…

CVSS: 2.0 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Low

CVE-2022-41808

Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 3.3 CWE: CWE-92 View on NVD
2023-05-09
High

CVE-2023-2156

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to…

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2023-29104

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-05-08
Medium

CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cau…

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-32233

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged l…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-05-05
Medium

CVE-2023-32269

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However,…

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
2023-05-03
High

CVE-2022-3405

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2022-30995

Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows,…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2023-05-01
High

CVE-2023-2236

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case o…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-2235

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-04-28
Medium

CVE-2023-26022

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-27555

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Fo…

CVSS: 5.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-25930

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 serve…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-04-27
High

CVE-2023-29255

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-For…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-04-26
Medium

CVE-2023-27559

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-For…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-45456

Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-0458

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable…

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-29257

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/writ…

CVSS: 7.2 CWE: N/A View on NVD
2023-04-25
High

CVE-2023-30549

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-2269

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub…

CVSS: 4.4 CWE: CWE-413 - Improper Resource Locking View on NVD
2023-04-24
Medium

CVE-2023-2019

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to cr…

CVSS: 4.4 CWE: CWE-911 - Improper Update of Reference Count View on NVD
High

CVE-2023-2006

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an ob…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2023-25133

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, Powe…

CVSS: 9.1 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2023-25132

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6…

CVSS: 9.1 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2023-25131

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remo…

CVSS: 9.4 CWE: CWE-1393 - Use of Default Password View on NVD
Medium

CVE-2023-31085

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.

CVSS: 5.5 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interrup…

CVSS: 5.5 CWE: CWE-833 - Deadlock View on NVD
Medium

CVE-2023-31083

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is s…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2023-31082

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been di…

CVSS: 5.5 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
Medium

CVE-2023-31081

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->m…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2023-04-22
Medium

CVE-2023-25514

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file.…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25513

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file.…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-25512

NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2023-25511

NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.

CVSS: 3.3 CWE: CWE-369 - Divide By Zero View on NVD
Low

CVE-2023-25510

NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-0199

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.

CVSS: 6.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-0190

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-0184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and da…

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
2023-04-21
Medium

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that…

CVSS: 5.6 CWE: CWE-1303 - Non-Transparent Sharing of Microarchitectural Resources View on NVD
2023-04-20
Medium

CVE-2023-2194

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the si…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-2177

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be acces…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2023-2176

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize t…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-04-19
Medium

CVE-2023-2166

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-28328

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-28327

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-1382

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c i…

CVSS: 4.7 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-2162

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal info…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
2023-04-16
Medium

CVE-2023-30772

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.

CVSS: 6.4 CWE: CWE-416 - Use After Free View on NVD
2023-04-14
High

CVE-2023-2008

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can re…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
2023-04-13
Medium

CVE-2022-33297

Information disclosure due to buffer overread in Linux sensors

CVSS: 6.8 CWE: CWE-126 - Buffer Over-read View on NVD
2023-04-12
Medium

CVE-2023-1990

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-1872

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-1829

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly d…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-04-11
High

CVE-2023-1989

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-1939

No access control for the OTP key   on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allow…

CVSS: 4.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2022-27485

A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x a…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-04-10
Medium

CVE-2023-30456

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

CVSS: 6.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2023-04-08
Medium

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, caus…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2023-04-05
Medium

CVE-2023-1855

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the…

CVSS: 6.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-1582

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-20117

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute…

CVSS: 7.2 CWE: CWE-146 - Improper Neutralization of Expression/Command Delimiters View on NVD
High

CVE-2023-1838

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to cras…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute…

CVSS: 7.2 CWE: CWE-146 - Improper Neutralization of Expression/Command Delimiters View on NVD
2023-04-04
Medium

CVE-2023-28842

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon compone…

CVSS: 6.8 CWE: CWE-420 - Unprotected Alternate Channel View on NVD
Medium

CVE-2023-28841

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen…

CVSS: 6.8 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
High

CVE-2023-28840

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon componen…

CVSS: 7.5 CWE: CWE-420 - Unprotected Alternate Channel View on NVD
2023-04-03
Medium

CVE-2023-1611

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea

CVSS: 6.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the s…

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2023-04-01
Medium

CVE-2023-0198

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, inf…

CVSS: 6.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2023-0194

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.

CVSS: 2.0 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2023-0191

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.

CVSS: 7.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2023-0189

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, an…

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2023-0188

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2023-0187

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-0185

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information…

CVSS: 6.7 CWE: CWE-196 - Unsigned to Signed Conversion Error View on NVD
High

CVE-2023-0183

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.

CVSS: 7.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-0181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and da…

CVSS: 7.1 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
High

CVE-2023-0180

NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-0208

NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerabilit…

CVSS: 8.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-03-31
High

CVE-2023-28464

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a doub…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
2023-03-30
High

CVE-2023-1670

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-4744

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This f…

CVSS: 7.8 CWE: CWE-460 - Improper Cleanup on Thrown Exception View on NVD
2023-03-29
High

CVE-2023-1652

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a…

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-1656

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stol…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2022-42432

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged…

CVSS: 4.4 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
2023-03-27
Medium

CVE-2023-1637

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming C…

CVSS: 5.5 CWE: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse View on NVD
High

CVE-2023-0210

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Es…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-1380

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len d…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-1079

A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Sim…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-1078

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigg…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-1077

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition woul…

CVSS: 7.0 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devi…

CVSS: 5.5 CWE: CWE-791 - Incomplete Filtering of Special Elements View on NVD
Low

CVE-2023-1075

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2023-1074

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. T…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2023-1073

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially esc…

CVSS: 6.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniba…

CVSS: 2.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2022-4126

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.

CVSS: 9.6 CWE: CWE-1393 - Use of Default Password View on NVD
Medium

CVE-2023-28866

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-03-24
Medium

CVE-2023-1583

A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2020-36691

An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.

CVSS: 5.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
2023-03-23
High

CVE-2023-1252

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-1249

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-0590

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix…

CVSS: 4.7 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-28772

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

CVSS: 6.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2023-03-22
High

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capabl…

CVSS: 7.8 CWE: CWE-282 - Improper Ownership Management View on NVD
High

CVE-2022-4095

A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service a…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-1281

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-25590

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-03-21
High

CVE-2023-1262

Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network.

CVSS: 8.2 CWE: CWE-862 - Missing Authorization View on NVD
2023-03-19
High

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.

CVSS: 7.8 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
High

CVE-2022-48424

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-48423

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-48422

ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2023-03-16
High

CVE-2023-1390

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in…

CVSS: 7.5 CWE: CWE-1050 - Excessive Platform Resource Consumption within a Loop View on NVD