Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Total 10330 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1295 2 Linux, Netapp 6 Linux Kernel, H300s, H410c and 3 more 2024-11-21 N/A 7.8 HIGH
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.
CVE-2023-1206 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-11-21 N/A 5.7 MEDIUM
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
CVE-2023-1193 1 Linux 1 Linux Kernel 2024-11-21 N/A 6.5 MEDIUM
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
CVE-2023-1192 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A 6.5 MEDIUM
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.
CVE-2023-1077 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, 8300 and 19 more 2024-11-21 N/A 7.0 HIGH
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
CVE-2023-1032 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 N/A 4.7 MEDIUM
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
CVE-2023-0977 3 Linux, Microsoft, Trellix 3 Linux Kernel, Windows, Agent 2024-11-21 N/A 6.7 MEDIUM
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
CVE-2023-0590 1 Linux 1 Linux Kernel 2024-11-21 N/A 4.7 MEDIUM
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-0575 4 Apple, Linux, Microsoft and 1 more 5 Iphone Os, Macos, Linux Kernel and 2 more 2024-11-21 N/A 7.2 HIGH
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.
CVE-2023-0461 1 Linux 1 Linux Kernel 2024-11-21 N/A 7.8 HIGH
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0459 1 Linux 1 Linux Kernel 2024-11-21 N/A 6.5 MEDIUM
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
CVE-2023-0458 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 N/A 5.3 MEDIUM
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
CVE-2023-0210 1 Linux 1 Linux Kernel 2024-11-21 N/A 7.5 HIGH
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.
CVE-2023-0196 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2024-11-21 N/A 3.3 LOW
NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.
CVE-2023-0193 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2024-11-21 N/A 4.4 MEDIUM
NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.
CVE-2023-0179 4 Canonical, Fedoraproject, Linux and 1 more 14 Ubuntu Linux, Fedora, Linux Kernel and 11 more 2024-11-21 N/A 7.8 HIGH
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
CVE-2023-0160 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-11-21 N/A 4.7 MEDIUM
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
CVE-2023-0041 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2024-11-21 N/A 6.3 MEDIUM
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.
CVE-2022-4895 2 Hitachi, Linux 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel 2024-11-21 N/A 8.6 HIGH
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.
CVE-2022-4696 1 Linux 1 Linux Kernel 2024-11-21 N/A 7.8 HIGH
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above