Download
| Alert*
|
CVE-2023-1195
A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. CVE-2023-0469 A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. CVE-2023-0045 The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set ��function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next ... CVE-2022-2196 A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.��L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB��after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code exe ... CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE-2022-4382 A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. CVE-2023-0266 A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.��SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit��56b8 ... CVE-2022-42328 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet ... CVE-2022-42329 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet ... |
