Vulnerabilities > Linux > Linux Kernel > 6.6.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2024-1085 | Use After Free vulnerability in Linux Kernel A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7. | 7.8 |
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in Linux Kernel A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |
| 2024-01-30 | CVE-2024-21803 | Use After Free vulnerability in Linux Kernel Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. | 7.8 |
| 2024-01-29 | CVE-2023-46838 | NULL Pointer Dereference vulnerability in multiple products Transmit requests in Xen's virtual network protocol can consist of multiple parts. | 7.5 |
| 2024-01-28 | CVE-2023-6200 | Race Condition vulnerability in Linux Kernel A race condition was found in the Linux Kernel. | 7.5 |
| 2024-01-25 | CVE-2024-23307 | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | 7.8 |
| 2024-01-23 | CVE-2024-22705 | Out-of-bounds Read vulnerability in Linux Kernel An issue was discovered in ksmbd in the Linux kernel before 6.6.10. | 7.8 |
| 2024-01-23 | CVE-2024-23848 | Use After Free vulnerability in Linux Kernel In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | 5.5 |
| 2024-01-23 | CVE-2024-23849 | Off-by-one Error vulnerability in Linux Kernel In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. | 5.5 |
| 2024-01-23 | CVE-2024-23850 | Unspecified vulnerability in Linux Kernel In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | 5.5 |