6.3.9

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-09	CVE-2023-4273	Out-of-bounds Write vulnerability in multiple products A flaw was found in the exFAT driver of the Linux kernel. local low complexity linux fedoraproject redhat debian netapp CWE-787	6.7
2023-08-07	CVE-2023-4147	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. local low complexity linux fedoraproject redhat debian CWE-416	7.8
2023-08-07	CVE-2023-4194	A flaw was found in the Linux kernel's TUN/TAP functionality. local low complexity linux redhat fedoraproject debian	5.5
2023-07-31	CVE-2023-4004	Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. local low complexity linux fedoraproject redhat netapp debian CWE-416	7.8
2023-07-24	CVE-2023-33951	Improper Locking vulnerability in multiple products A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. local high complexity linux redhat CWE-667	5.3
2023-07-24	CVE-2023-33952	Double Free vulnerability in multiple products A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. local low complexity linux redhat CWE-415	6.7
2023-07-24	CVE-2023-3863	Use After Free vulnerability in multiple products A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. local high complexity linux debian CWE-416	4.1
2023-07-21	CVE-2023-3609	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). local low complexity linux debian CWE-416	7.8
2023-07-21	CVE-2023-3610	Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. local low complexity linux debian CWE-416	7.8
2023-07-21	CVE-2023-3611	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. local low complexity linux debian CWE-787	7.8