CVE-2023-38431
- EPSS 1.06%
- Veröffentlicht 18.07.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:13:33
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to a...
CVE-2023-38432
- EPSS 2.38%
- Veröffentlicht 18.07.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:13:33
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
CVE-2023-21255
- EPSS 0.19%
- Veröffentlicht 13.07.2023 00:15:24
- Zuletzt bearbeitet 13.02.2025 17:16:02
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21400
- EPSS 0.25%
- Veröffentlicht 13.07.2023 00:15:24
- Zuletzt bearbeitet 13.02.2025 17:16:02
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exp...
CVE-2023-32250
- EPSS 2.59%
- Veröffentlicht 10.07.2023 16:15:52
- Zuletzt bearbeitet 21.11.2024 08:02:58
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an o...
CVE-2023-32254
- EPSS 2.94%
- Veröffentlicht 10.07.2023 16:15:52
- Zuletzt bearbeitet 21.11.2024 08:02:59
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an...
CVE-2023-37453
- EPSS 0.63%
- Veröffentlicht 06.07.2023 17:15:14
- Zuletzt bearbeitet 05.05.2025 16:15:42
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.
CVE-2023-37454
- EPSS 0.36%
- Veröffentlicht 06.07.2023 17:15:14
- Zuletzt bearbeitet 21.11.2024 08:11:44
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspe...
CVE-2023-35001
- EPSS 1.51%
- Veröffentlicht 05.07.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 08:07:48
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVE-2023-31248
- EPSS 2.03%
- Veröffentlicht 05.07.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:01:42
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace