Vulnerabilities > Linux > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-1476 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code.
local
high complexity
linux redhat CWE-416
7.0
2023-11-03 CVE-2023-1194 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel.
network
low complexity
linux fedoraproject CWE-125
8.1
2023-11-01 CVE-2023-5178 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel.
network
low complexity
linux redhat netapp CWE-416
8.8
2023-10-27 CVE-2023-46813 Unspecified vulnerability in Linux Kernel
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers.
local
high complexity
linux
7.0
2023-10-25 CVE-2023-5717 Out-of-bounds Write vulnerability in Linux Kernel
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
local
low complexity
linux CWE-787
7.8
2023-10-23 CVE-2023-5633 Use After Free vulnerability in multiple products
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface.
local
low complexity
linux redhat CWE-416
7.8
2023-10-16 CVE-2023-45898 Use After Free vulnerability in Linux Kernel
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
local
low complexity
linux CWE-416
7.8
2023-10-15 CVE-2023-45871 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3.
high complexity
linux debian CWE-131
7.5
2023-10-04 CVE-2023-39191 An improper input validation flaw was found in the eBPF subsystem in the Linux kernel.
local
low complexity
linux fedoraproject redhat
8.2
2023-10-03 CVE-2023-5345 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
local
low complexity
linux fedoraproject CWE-416
7.8