6.3.4

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-05	CVE-2023-31248	Use After Free vulnerability in multiple products Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace local low complexity linux fedoraproject debian canonical CWE-416	7.8
2023-07-05	CVE-2023-35001	Out-of-bounds Write vulnerability in multiple products Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace local low complexity linux debian fedoraproject netapp CWE-787	7.8
2023-06-30	CVE-2023-1206	Resource Exhaustion vulnerability in multiple products A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. low complexity linux redhat fedoraproject CWE-400	5.7
2023-06-30	CVE-2023-3338	NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. network low complexity linux netapp debian CWE-476	6.5
2023-06-28	CVE-2023-3390	Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. local low complexity linux netapp CWE-416	7.8
2023-06-28	CVE-2023-3389	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). local low complexity linux canonical debian CWE-416	7.8
2023-06-23	CVE-2023-3212	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. local low complexity linux fedoraproject redhat debian netapp CWE-476	4.4
2023-06-18	CVE-2023-35827	Use After Free vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 6.3.8. local high complexity linux CWE-416	7.0
2023-06-16	CVE-2023-35788	Out-of-bounds Write vulnerability in multiple products An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. local low complexity linux debian netapp canonical CWE-787	7.8
2023-06-16	CVE-2023-3268	Out-of-bounds Read vulnerability in multiple products An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. local low complexity linux debian CWE-125	7.1