Vulnerabilities > Linux > Linux Kernel > 5.4.130

DATE CVE VULNERABILITY TITLE RISK
2023-02-28 CVE-2023-22995 Unspecified vulnerability in Linux Kernel
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
local
low complexity
linux
7.8
2023-02-26 CVE-2023-26607 Out-of-bounds Read vulnerability in multiple products
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
local
low complexity
linux netapp CWE-125
7.1
2023-02-25 CVE-2023-26545 Double Free vulnerability in multiple products
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
local
high complexity
linux netapp CWE-415
4.7
2023-02-22 CVE-2023-23039 Race Condition vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 6.2.0-rc2.
high complexity
linux CWE-362
5.7
2023-02-21 CVE-2023-26242 Integer Overflow or Wraparound vulnerability in Linux Kernel
afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.
local
low complexity
linux CWE-190
7.8
2023-02-06 CVE-2023-0615 Memory Leak vulnerability in Linux Kernel
A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality.
local
low complexity
linux CWE-401
5.5
2023-02-02 CVE-2023-25012 Use After Free vulnerability in Linux Kernel
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
low complexity
linux CWE-416
4.6
2023-01-30 CVE-2023-0240 Use After Free vulnerability in Linux Kernel
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity.
local
low complexity
linux CWE-416
7.8
2023-01-30 CVE-2023-0266 Use After Free vulnerability in Linux Kernel
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user.
local
low complexity
linux CWE-416
7.8
2023-01-27 CVE-2022-4139 Memory Leak vulnerability in Linux Kernel
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks.
local
low complexity
linux CWE-401
7.8