Vulnerabilities > Linux > Linux Kernel

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2023-32269 Use After Free vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 6.1.11.
local
low complexity
linux CWE-416
6.7
2023-05-01 CVE-2023-2235 Use After Free vulnerability in Linux Kernel
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
local
low complexity
linux CWE-416
7.8
2023-05-01 CVE-2023-2236 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.
local
low complexity
linux netapp CWE-416
7.8
2023-04-28 CVE-2023-31436 Out-of-bounds Write vulnerability in Linux Kernel
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
local
low complexity
linux CWE-787
7.8
2023-04-26 CVE-2023-0458 NULL Pointer Dereference vulnerability in multiple products
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function.
local
high complexity
linux debian CWE-476
4.7
2023-04-25 CVE-2023-0045 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall.
network
low complexity
linux debian netapp CWE-610
7.5
2023-04-25 CVE-2023-2269 Improper Locking vulnerability in multiple products
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
local
low complexity
linux fedoraproject debian netapp CWE-667
4.4
2023-04-24 CVE-2023-2007 Improper Locking vulnerability in multiple products
The specific flaw exists within the DPT I2O Controller driver.
local
low complexity
linux debian netapp CWE-667
7.8
2023-04-24 CVE-2023-2006 Race Condition vulnerability in multiple products
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles.
local
high complexity
linux netapp CWE-362
7.0
2023-04-24 CVE-2023-2019 A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events.
local
low complexity
linux redhat
4.4