Vulnerabilities > Canonical > Ubuntu Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-3777 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | 7.8 |
2023-09-01 | CVE-2023-3297 | Use After Free vulnerability in Canonical Accountsservice and Ubuntu Linux In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. | 7.8 |
2023-08-14 | CVE-2023-40283 | Use After Free vulnerability in multiple products An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. | 7.8 |
2023-07-26 | CVE-2023-2640 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 7.8 |
2023-07-26 | CVE-2023-32629 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | 7.8 |
2023-07-24 | CVE-2023-3567 | Use After Free vulnerability in multiple products A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. | 7.1 |
2023-07-05 | CVE-2023-31248 | Use After Free vulnerability in multiple products Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | 7.8 |
2023-06-28 | CVE-2023-3389 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). | 7.8 |
2023-06-16 | CVE-2023-35788 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. | 7.8 |
2023-04-13 | CVE-2023-1326 | Improper Privilege Management vulnerability in Canonical Apport A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. | 7.8 |