Linux Kernel Linux Kernel

Do you want an email whenever new security vulnerabilities are reported in Linux Kernel?

By the Year

In 2023 there have been 132 vulnerabilities in Linux Kernel with an average score of 6.4 out of ten. Last year Linux Kernel had 309 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Linux Kernel in 2023 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.00.

Year Vulnerabilities Average Score
2023 132 6.43
2022 309 6.42
2021 162 6.47
2020 120 6.16
2019 275 6.35
2018 155 6.34

It may take a day or so for new Linux Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Kernel Security Vulnerabilities

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel

CVE-2023-2898 4.7 - Medium - May 26, 2023

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.

Race Condition

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec

CVE-2023-0459 5.5 - Medium - May 25, 2023

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Release of Invalid Pointer or Reference

An issue was discovered in the Linux kernel before 6.2.9

CVE-2023-33288 4.7 - Medium - May 22, 2023

An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.

Dangling pointer

An issue was discovered in netfilter in the Linux kernel before 5.10

CVE-2020-36694 9.8 - Critical - May 21, 2023

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.

Dangling pointer

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

CVE-2023-33250 9.8 - Critical - May 21, 2023

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

Dangling pointer

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel

CVE-2023-1195 5.5 - Medium - May 18, 2023

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.

Dangling pointer

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

CVE-2023-33203 6.4 - Medium - May 18, 2023

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.

Race Condition

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel

CVE-2023-1859 4.7 - Medium - May 17, 2023

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.

Dangling pointer

An out-of-bounds memory access flaw was found in the Linux kernels XFS file system in how a user restores an XFS image after failure (with a dirty log journal)

CVE-2023-2124 7.8 - High - May 15, 2023

An out-of-bounds memory access flaw was found in the Linux kernels XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol

CVE-2023-2156 7.5 - High - May 09, 2023

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

assertion failure

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes

CVE-2023-2513 6.7 - Medium - May 08, 2023

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Dangling pointer

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests

CVE-2023-32233 7.8 - High - May 08, 2023

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

Dangling pointer

An issue was discovered in the Linux kernel before 6.1.11

CVE-2023-32269 6.7 - Medium - May 05, 2023

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

Dangling pointer

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation

CVE-2023-2235 7.8 - High - May 01, 2023

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Dangling pointer

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation

CVE-2023-2236 7.8 - High - May 01, 2023

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.

Dangling pointer

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority

CVE-2023-2248 - May 01, 2023

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13

CVE-2023-31436 7.8 - High - April 28, 2023

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Memory Corruption

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function

CVE-2023-0458 4.7 - Medium - April 26, 2023

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

NULL Pointer Dereference

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall

CVE-2023-0045 7.5 - High - April 25, 2023

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Externally Controlled Reference to a Resource in Another Sphere

A denial of service problem was found

CVE-2023-2269 4.4 - Medium - April 25, 2023

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.

Improper Locking

The specific flaw exists within the DPT I2O Controller driver

CVE-2023-2007 7.8 - High - April 24, 2023

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

Improper Locking

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles

CVE-2023-2006 7 - High - April 24, 2023

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

Race Condition

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events

CVE-2023-2019 4.4 - Medium - April 24, 2023

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2

CVE-2023-31081 5.5 - Medium - April 24, 2023

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).

NULL Pointer Dereference

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2

CVE-2023-31082 5.5 - Medium - April 24, 2023

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.

Release of Invalid Pointer or Reference

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2

CVE-2023-31083 4.7 - Medium - April 24, 2023

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.

Race Condition

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2

CVE-2023-31084 5.5 - Medium - April 24, 2023

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2

CVE-2023-31085 5.5 - Medium - April 24, 2023

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.

Divide By Zero

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL

CVE-2023-1998 5.6 - Medium - April 21, 2023

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.

Side Channel Attack

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel

CVE-2023-2176 7.8 - High - April 20, 2023

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.

Out-of-bounds Read

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel

CVE-2023-2177 5.5 - Medium - April 20, 2023

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

NULL Pointer Dereference

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver

CVE-2023-2194 6.7 - Medium - April 20, 2023

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

Memory Corruption

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel

CVE-2023-28327 5.5 - Medium - April 19, 2023

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

NULL Pointer Dereference

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel

CVE-2023-28328 5.5 - Medium - April 19, 2023

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.

NULL Pointer Dereference

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux

CVE-2023-2166 5.5 - Medium - April 19, 2023

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

NULL Pointer Dereference

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set

CVE-2023-1382 4.7 - Medium - April 19, 2023

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

NULL Pointer Dereference

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel

CVE-2023-2162 5.5 - Medium - April 19, 2023

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

Dangling pointer

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.

CVE-2023-30772 6.4 - Medium - April 16, 2023

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.

Dangling pointer

A flaw was found in the Linux kernel's udmabuf device driver

CVE-2023-2008 7.8 - High - April 14, 2023

A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

out-of-bounds array index

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel

CVE-2023-1990 4.7 - Medium - April 12, 2023

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.

Dangling pointer

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation

CVE-2023-1872 7 - High - April 12, 2023

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.

Dangling pointer

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex)

CVE-2023-1829 7.8 - High - April 12, 2023

A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.

Dangling pointer

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel

CVE-2023-1989 7 - High - April 11, 2023

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

Dangling pointer

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8

CVE-2023-30456 6.5 - Medium - April 10, 2023

An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method

CVE-2020-11935 5.5 - Medium - April 07, 2023

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon)

CVE-2023-1855 6.3 - Medium - April 05, 2023

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.

Dangling pointer

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel

CVE-2023-1582 4.7 - Medium - April 05, 2023

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

Race Condition

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget

CVE-2023-1838 7.1 - High - April 05, 2023

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

Dangling pointer

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw

CVE-2023-1611 6.3 - Medium - April 03, 2023

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea

Dangling pointer

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush)

CVE-2023-28464 7.8 - High - March 31, 2023

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

Double-free

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVE-2023-1670 7.8 - High - March 30, 2023

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

A double-free flaw was found in the Linux kernels TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier)

CVE-2022-4744 7.8 - High - March 30, 2023

A double-free flaw was found in the Linux kernels TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

Double-free

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel

CVE-2023-1652 7.1 - High - March 29, 2023

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.

Dangling pointer

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2

CVE-2022-42432 4.4 - Medium - March 29, 2023

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.

Use of Uninitialized Variable

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU

CVE-2023-1637 5.5 - Medium - March 27, 2023

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

Improper Removal of Sensitive Information Before Storage or Transfer

A bug affects the Linux kernels ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

CVE-2023-0210 7.5 - High - March 27, 2023

A bug affects the Linux kernels ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.

Memory Corruption

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel

CVE-2023-0179 7.8 - High - March 27, 2023

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

Integer Overflow or Wraparound

A flaw was found in the Linux Kernel

CVE-2023-1075 3.3 - Low - March 27, 2023

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

Object Type Confusion

A flaw was found in the Linux Kernel

CVE-2023-1076 5.5 - Medium - March 27, 2023

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.

Object Type Confusion

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol

CVE-2023-1074 5.5 - Medium - March 27, 2023

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.

Memory Leak

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head

CVE-2023-1077 7.8 - High - March 27, 2023

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.

Object Type Confusion

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol

CVE-2023-1078 7.8 - High - March 27, 2023

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.

Object Type Confusion

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel

CVE-2023-1380 7.1 - High - March 27, 2023

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

Out-of-bounds Read

A flaw was found in the Linux kernel's implementation of RDMA over infiniband

CVE-2021-3923 2.3 - Low - March 27, 2023

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.

A memory corruption flaw was found in the Linux kernels human interface device (HID) subsystem in how a user inserts a malicious USB device

CVE-2023-1073 6.6 - Medium - March 27, 2023

A memory corruption flaw was found in the Linux kernels human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

A flaw was found in the Linux kernel

CVE-2023-1079 6.8 - Medium - March 27, 2023

A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.

Dangling pointer

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c

CVE-2023-28866 5.3 - Medium - March 27, 2023

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

Out-of-bounds Read

A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel

CVE-2023-1583 5.5 - Medium - March 24, 2023

A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.

NULL Pointer Dereference

An issue was discovered in the Linux kernel before 5.8

CVE-2020-36691 5.5 - Medium - March 24, 2023

An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.

Stack Exhaustion

A flaw was found in KVM

CVE-2023-1513 3.3 - Low - March 23, 2023

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.

Improper Initialization

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem

CVE-2023-0590 4.7 - Medium - March 23, 2023

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

Dangling pointer

A use-after-free flaw was found in the Linux kernels core dump subsystem

CVE-2023-1249 5.5 - Medium - March 23, 2023

A use-after-free flaw was found in the Linux kernels core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.

Dangling pointer

A use-after-free flaw was found in the Linux kernels Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage

CVE-2023-1252 7.8 - High - March 23, 2023

A use-after-free flaw was found in the Linux kernels Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

Dangling pointer

An issue was discovered in the Linux kernel before 5.13.3

CVE-2023-28772 7.8 - High - March 23, 2023

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

Classic Buffer Overflow

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernels OverlayFS subsystem in how a user copies a capable file

CVE-2023-0386 7.8 - High - March 22, 2023

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernels OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

A use-after-free flaw was found in Linux kernel before 5.19.2

CVE-2022-4095 7.8 - High - March 22, 2023

A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.

Dangling pointer

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation

CVE-2023-1281 7.8 - High - March 22, 2023

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.

Dangling pointer

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset

CVE-2022-48424 7.8 - High - March 19, 2023

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names

CVE-2022-48423 7.8 - High - March 19, 2023

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree

CVE-2022-48425 7.8 - High - March 19, 2023

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.

Release of Invalid Pointer or Reference

A remote denial of service vulnerability was found in the Linux kernels TIPC kernel module

CVE-2023-1390 7.5 - High - March 16, 2023

A remote denial of service vulnerability was found in the Linux kernels TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call

CVE-2023-28466 7 - High - March 16, 2023

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernels nouveau driver in how a user triggers a memory overflow

CVE-2023-0030 7.8 - High - March 08, 2023

A use-after-free flaw was found in the Linux kernels nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

A use-after-free flaw was found in the Linux kernels SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user

CVE-2022-3424 7.8 - High - March 06, 2023

A use-after-free flaw was found in the Linux kernels SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

A double-free memory flaw was found in the Linux kernel

CVE-2022-3707 5.5 - Medium - March 06, 2023

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

Double-free

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device

CVE-2023-1118 7.8 - High - March 02, 2023

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

In the Linux kernel before 5.16

CVE-2023-23003 7.8 - High - March 01, 2023

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

Unchecked Return Value

In the Linux kernel before 5.15.13

CVE-2023-23006 5.5 - Medium - March 01, 2023

In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

** DISPUTED ** In the Linux kernel before 6.2

CVE-2023-23005 5.5 - Medium - March 01, 2023

** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

NULL Pointer Dereference

In the Linux kernel before 5.19

CVE-2023-23004 5.5 - Medium - March 01, 2023

In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

In the Linux kernel before 5.16.3

CVE-2023-23002 5.5 - Medium - March 01, 2023

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

In the Linux kernel before 5.16.3

CVE-2023-23001 5.5 - Medium - March 01, 2023

In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value

CVE-2023-23000 5.5 - Medium - March 01, 2023

In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.

NULL Pointer Dereference

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object

CVE-2023-1095 5.5 - Medium - February 28, 2023

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.

NULL Pointer Dereference

In the Linux kernel before 5.16.3

CVE-2023-22999 5.5 - Medium - February 28, 2023

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g

CVE-2023-22996 5.5 - Medium - February 28, 2023

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.

Missing Release of Resource after Effective Lifetime

In the Linux kernel before 6.0.3

CVE-2023-22998 5.5 - Medium - February 28, 2023

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Interpretation Conflict

In the Linux kernel before 6.1.2

CVE-2023-22997 5.5 - Medium - February 28, 2023

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

NULL Pointer Dereference

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation

CVE-2023-0461 7.8 - High - February 28, 2023

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

Dangling pointer

In the Linux kernel before 5.17

CVE-2023-22995 7.8 - High - February 28, 2023

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Linux Kernel or by Linux? Click the Watch button to subscribe.

Linux
Vendor

Linux Kernel
Product

subscribe