Monthly
Local privilege escalation in the Linux kernel networking stack (skbuff/MSG_ZEROCOPY path) allows an unprivileged local user to gain full root via a use-after-free on ubuf_info_msgzc. The pskb_carve_inside_header() and pskb_carve_inside_nonlinear() helpers memcpy the skb_shared_info (including the zerocopy destructor_arg/uarg pointer) into a new buffer without calling net_zcopy_get(), so the uarg refcount is decremented more times than it was incremented, freeing the ubuf_info while live TX skbs still reference it. A working proof-of-concept exists that achieves reliable root escalation on a default kernel configuration; the issue is not listed in CISA KEV and EPSS probability is low (0.21%, 11th percentile).
Use-after-free in the KVM arm64 vGIC-ITS translation cache allows a malicious guest to corrupt host kernel memory by triggering concurrent cache invalidations that double-drop a single reference. The flaw affects Linux 6.10 and later until the stable backports, has no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability as very low (0.02%, 5th percentile) despite the CVSS 9.3 rating.
Use-after-free in the Linux kernel's IPv6 SR (seg6) and RPL lightweight tunnel input paths can be triggered on PREEMPT_RT builds when a higher-priority task races ksoftirqd during a concurrent FIB lookup on a shared nexthop. The flaw causes dst_cache_set_ip6() to call dst_hold() on a freed per-CPU route, producing a kernel warning or memory corruption that an attacker on the network could leverage for denial of service or potential code execution. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis.
A flaw was found in grub2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Local privilege escalation in the Linux kernel networking stack (skbuff/MSG_ZEROCOPY path) allows an unprivileged local user to gain full root via a use-after-free on ubuf_info_msgzc. The pskb_carve_inside_header() and pskb_carve_inside_nonlinear() helpers memcpy the skb_shared_info (including the zerocopy destructor_arg/uarg pointer) into a new buffer without calling net_zcopy_get(), so the uarg refcount is decremented more times than it was incremented, freeing the ubuf_info while live TX skbs still reference it. A working proof-of-concept exists that achieves reliable root escalation on a default kernel configuration; the issue is not listed in CISA KEV and EPSS probability is low (0.21%, 11th percentile).
Use-after-free in the KVM arm64 vGIC-ITS translation cache allows a malicious guest to corrupt host kernel memory by triggering concurrent cache invalidations that double-drop a single reference. The flaw affects Linux 6.10 and later until the stable backports, has no public exploit identified at time of analysis, and EPSS rates real-world exploitation probability as very low (0.02%, 5th percentile) despite the CVSS 9.3 rating.
Use-after-free in the Linux kernel's IPv6 SR (seg6) and RPL lightweight tunnel input paths can be triggered on PREEMPT_RT builds when a higher-priority task races ksoftirqd during a concurrent FIB lookup on a shared nexthop. The flaw causes dst_cache_set_ip6() to call dst_hold() on a freed per-CPU route, producing a kernel warning or memory corruption that an attacker on the network could leverage for denial of service or potential code execution. EPSS is very low (0.02%) and there is no public exploit identified at time of analysis.
A flaw was found in grub2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.