Canonical

Ubuntu Linux

4106 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2023-1523

Exploit
  • EPSS 0.1%
  • Published 01.09.2023 19:15:42
  • Last modified 21.11.2024 07:39:21

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal ...

7.8

CVE-2023-40283

  • EPSS 0.01%
  • Published 14.08.2023 03:15:09
  • Last modified 05.05.2025 14:14:38

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

7.8

CVE-2023-2640

Exploit
  • EPSS 92.04%
  • Published 26.07.2023 02:15:09
  • Last modified 21.11.2024 07:58:59

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the uppe...

7.8

CVE-2023-32629

Exploit
  • EPSS 62.7%
  • Published 26.07.2023 02:15:09
  • Last modified 21.11.2024 08:03:44

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

7.1

CVE-2023-3567

  • EPSS 0.01%
  • Published 24.07.2023 16:15:12
  • Last modified 21.11.2024 08:17:33

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

7.8

CVE-2023-31248

  • EPSS 0.2%
  • Published 05.07.2023 19:15:09
  • Last modified 21.11.2024 08:01:42

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

7.8

CVE-2023-3389

  • EPSS 0.02%
  • Published 28.06.2023 20:15:09
  • Last modified 13.02.2025 17:16:56

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past comm...

7.8

CVE-2023-35788

Exploit
  • EPSS 0.01%
  • Published 16.06.2023 21:15:09
  • Last modified 05.05.2025 16:15:41

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service o...

4.7

CVE-2023-2612

  • EPSS 0.02%
  • Published 31.05.2023 00:15:10
  • Last modified 21.11.2024 07:58:55

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

5.5

CVE-2023-1786

  • EPSS 0.02%
  • Published 26.04.2023 23:15:08
  • Last modified 21.11.2024 07:39:54

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.