Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release
CVE-2023-3161 A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. -- Jun 8, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3159 A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. -- Jun 13, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3141 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. -- Jun 9, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3138 A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. -- Jun 29, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3111 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). -- Jun 6, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-3090 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. -- Jun 29, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2985 A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. -- May 31, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2953 A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. LOW May 30, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2908 A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. -- Jul 10, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2861 A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. -- Jun 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2860 An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. -- Jun 29, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2828 Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. -- Jun 26, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2731 A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. -- May 18, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2650 Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. LOW May 30, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2610 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. -- May 10, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2609 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. -- May 9, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2513 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. -- May 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2483 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- May 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. -- May 9, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2454 schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. -- May 9, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2426 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. -- May 1, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. -- Apr 25, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2248 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436. -- May 1, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2222 Rejected reason: This was deemed not a security vulnerability by upstream. LOW Apr 23, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2194 An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace data->block[0] variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. -- Apr 21, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2177 A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service. -- Apr 21, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2162 A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. -- Apr 20, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2007 The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. -- Apr 25, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2004 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Apr 15, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. -- Apr 17, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1999 There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. -- May 5, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1998 The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. -- Apr 13, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1990 A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. -- Apr 13, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1989 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. -- Apr 11, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1981 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. -- Apr 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1859 A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. -- Apr 6, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1855 A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. -- Apr 6, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1838 A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. -- Apr 6, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1829 A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. -- Apr 12, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1670 A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. -- Mar 31, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1637 A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. -- Mar 28, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1582 A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. -- Mar 27, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1513 A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. -- Mar 24, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-1393 A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. -- Apr 2, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-1390 A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. -- Mar 17, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-1382 A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. -- Mar 15, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-1380 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. -- Mar 15, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1355 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. -- Mar 11, 2023 10.18.44.30 (Wind River Linux LTS 18)
CVE-2023-1281 Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. -- Mar 24, 2023 10.18.44.29 (Wind River Linux LTS 18)
CVE-2023-1264 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. -- Mar 8, 2023 10.18.44.30 (Wind River Linux LTS 18)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.