Linux Kernel vulnerabilities
90 known vulnerabilities affecting linux/kernel.
Total CVEs: 90
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 55, MEDIUM 30, LOW 4
Vulnerabilities
Page 1 of 5
CVE-2021-34981 | MEDIUM | CVSS 6.7 | v4.15.0-118-generic | 2024-05-07
CVE-2021-34981 [MEDIUM] CWE-415
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists
cvelistv5 | nvd
CVE-2024-1086 | HIGH | CVSS 7.8 | KEV | ≥ 3.15, < 6.8 | 2024-01-31
CVE-2024-1086 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error whi
cvelistv5 | nvd
CVE-2024-1085 | HIGH | CVSS 7.8 | ≥ 5.13, < 6.8 | 2024-01-31
CVE-2024-1085 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next g
cvelistv5 | nvd
CVE-2023-6931 | HIGH | CVSS 7.0 | ≥ 4.3, < 6.7 | 2023-12-19
CVE-2023-6931 [HIGH] CWE-787
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.
A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
cvelistv5 | nvd
CVE-2023-6932 | HIGH | CVSS 7.0 | ≥ 2.6.12, < 6.7 | 2023-12-19
CVE-2023-6932 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
cvelistv5 | nvd
CVE-2023-6817 | HIGH | CVSS 7.8 | ≥ 5.6, < 6.7 | 2023-12-18
CVE-2023-6817 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.
We recommend upgrading past c
cvelistv5 | nvd
CVE-2023-6111 | HIGH | CVSS 7.8 | ≥ 6.6, < 6.7 | 2023-11-14
CVE-2023-6111 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times.
We recommend upgradin
cvelistv5 | nvd
CVE-2023-5717 | HIGH | CVSS 7.8 | ≥ 4.4, < 6.6 | 2023-10-25
CVE-2023-5717 [HIGH] CWE-787
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We
cvelistv5 | nvd
CVE-2023-5345 | HIGH | CVSS 7.8 | ≥ 0.0, < 6.6 | 2023-10-03
CVE-2023-5345 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.
In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.
We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
cvelistv5 | nvd
CVE-2023-5197 | MEDIUM | CVSS 6.6 | ≥ 5.9, < 6.6 | 2023-09-27
CVE-2023-5197 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Addition and removal of rules from chain bindings within the same transaction leads to use-after-free.
We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.
cvelistv5 | nvd
CVE-2023-4921 | HIGH | CVSS 7.8 | ≥ 3.8, < 6.6 | 2023-09-12
CVE-2023-4921 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
W
cvelistv5 | nvd
CVE-2023-3777 | HIGH | CVSS 7.8 | ≥ 5.9, < 6.5 | 2023-09-06
CVE-2023-3777 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.
We recommend upgrading past commit 6
cvelistv5 | nvd
CVE-2023-4622 | HIGH | CVSS 7.0 | ≥ 4.2, < 6.1.47 | 2023-09-06
CVE-2023-4622 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.
The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released b
cvelistv5 | nvd
CVE-2023-4207 | HIGH | CVSS 7.8 | ≥ 3.18, < 6.5 | 2023-09-06
CVE-2023-4207 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter()
cvelistv5 | nvd
CVE-2023-4623 | HIGH | CVSS 7.8 | ≥ 2.6.12, < 6.6 | 2023-09-06
CVE-2023-4623 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remov
cvelistv5 | nvd
CVE-2023-4015 | HIGH | CVSS 7.8 | ≥ 6.4, < 6.5 | 2023-09-06
CVE-2023-4015 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead to unbinding the chain and to objects being deactivated but later used.
We recommend upgrading past commi
cvelistv5 | nvd
CVE-2023-4206 | HIGH | CVSS 7.8 | ≥ 3.18, < 6.5 | 2023-09-06
CVE-2023-4206 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.
When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_f
cvelistv5 | nvd
CVE-2023-4244 | HIGH | CVSS 7.0 | ≥ 0.0, < 6.5 | 2023-09-06
CVE-2023-4244 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.
We reco
cvelistv5 | nvd
CVE-2023-4208 | HIGH | CVSS 7.8 | ≥ 3.18, < 6.5 | 2023-09-06
CVE-2023-4208 [HIGH] CWE-416
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter
cvelistv5 | nvd
CVE-2023-3611 | HIGH | CVSS 7.8 | ≥ 3.8, < 6.5 | 2023-07-21
CVE-2023-3611 [HIGH] CWE-787
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0
cvelistv5 | nvd