CVE-2023-42753
- EPSS 0.51%
- Veröffentlicht 25.09.2023 21:15:15
- Zuletzt bearbeitet 21.11.2024 08:23:06
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory...
CVE-2023-5158
- EPSS 0.2%
- Veröffentlicht 25.09.2023 16:15:15
- Zuletzt bearbeitet 21.11.2024 08:41:12
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
CVE-2023-34319
- EPSS 0.3%
- Veröffentlicht 22.09.2023 14:15:45
- Zuletzt bearbeitet 04.11.2025 20:16:29
The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of ...
CVE-2023-2163
- EPSS 3.55%
- Veröffentlicht 20.09.2023 06:15:10
- Zuletzt bearbeitet 21.11.2024 07:58:03
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
CVE-2023-4155
- EPSS 0.16%
- Veröffentlicht 13.09.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:30
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an...
CVE-2023-4921
- EPSS 0.4%
- Veröffentlicht 12.09.2023 20:15:10
- Zuletzt bearbeitet 13.02.2025 18:15:48
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq...
- EPSS 0.04%
- Veröffentlicht 11.09.2023 17:15:07
- Zuletzt bearbeitet 07.11.2023 04:23:08
Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
- EPSS 0.55%
- Veröffentlicht 06.09.2023 14:15:12
- Zuletzt bearbeitet 13.02.2025 18:15:46
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. ...
CVE-2023-4623
- EPSS 0.29%
- Veröffentlicht 06.09.2023 14:15:12
- Zuletzt bearbeitet 20.03.2025 16:59:51
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a pare...
CVE-2023-4015
- EPSS 0.29%
- Veröffentlicht 06.09.2023 14:15:11
- Zuletzt bearbeitet 13.02.2025 17:17:14
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() c...